// about

About this blog - and about me

Niels Ferguson & Bruce Schneier

Attacks always get better; they never get worse.

My name is Marvin Sprey, and I believe post-quantum cryptography is the most important security topic of the next decade. Not because quantum computers are operational tomorrow – but because the migration to quantum-safe cryptography takes time that many organisations are quietly letting slip by. This blog is my attempt to change that. Not through fearmongering, but through substance.

Who I am

I work as an IT security consultant at HiSolutions AG, Germany's leading specialist consultancies in cybersecurity and IT management. There, I'm part of a small team building the post-quantum cryptography and crypto-agility consulting practice from the ground up – from product development to client implementation. PQC is not an academic side topic for me. It's daily practice. Before that, I spent three years as a frontend and fullstack developer, a year building an internal ISMS, and half a year teaching IT security and networking at a vocational school. I hold a Bachelor's degree in Communication Science and will complete my Master's in IT Security and Digital Forensics in summer 2025 – with a research focus on PQC and cryptographic asset inventory. This combination is not a coincidence. It's the reason I write this blog: I can engage with the subject technically, I've learned how to explain it, and I see every day where practice lags behind theory.

What to expect here

No surface-level content. No "quantum computers are dangerous, do something" articles. Instead: mathematical foundations that are actually explained. Algorithms that are not just named but understood. Migration strategies that work in the real world. And a close look at what BSI, NIST and the EU are doing – and why.

The content is aimed at technically curious readers as well as CISOs, IT leaders and anyone who wants to understand PQC beyond the buzzword.

A small technical detail

Every article on this blog is signed with ML-DSA-65 – one of the new NIST standards for post-quantum digital signatures. You can verify the signature of each article directly in your browser. Not because it's strictly necessary, but because it demonstrates what's already possible.

Important notice

All content on this blog reflects solely my personal opinion and knowledge. It does not represent the official position of HiSolutions AG and should not be understood as professional consulting advice.