In the rapidly evolving world of cybersecurity, especially concerning the medical sector, understanding complex threats is crucial.
Following the recent CyberWiseCon Europe 2024 event in Vilnius, Lithuania, we spoke with Aleksandr Gmyza, Head of Cybersecurity at the Republican Scientific and Practical Centre of Medical Technologies. He offers expert insights into post-quantum cryptography, securing healthcare systems, and the essential skills for future cybersecurity professionals.
Aleksandr, As An Expert In Post-Quantum Cryptography And Applied Security, Could You Share What Initially Drew You To This Field And What Drives Your Current Work?
I appreciate the opportunity to share what drives my work in this field. My interest in cryptography and cybersecurity began early during my studies in Applied Mathematics and Information Security at Belarusian State University. Over time, I became increasingly fascinated by the intersection of mathematical theory and secure communication, where abstract models have a direct impact on real-world resilience.
Today, I lead the Cybersecurity Department at the Republican Scientific and Practical Centre of Medical Technologies. My role involves securing a wide range of critical systems, from electronic medical records and diagnostic platforms to research computing clusters and remote-access environments.
We secure over 1,000 endpoints and safeguard sensitive data, ensuring that both clinical operations and biomedical research remain uninterrupted, secure and compliant.
What motivates me most is the urgent need to transition these vital systems to quantum-resistant cryptography. The shift to a post-quantum world is no longer theoretical, and I believe it’s our responsibility to prepare high-value infrastructures now, before quantum threats materialise.
In Your Talk “Post-Quantum Cryptography In Applied Security Systems: Transition Strategies And Implementation Risks” You Covered Some Complex Topics. What Makes This Subject Particularly Relevant Today?
The decision to focus on post-quantum cryptography was driven by the rapid advancements in quantum computing and its potential to disrupt existing cryptographic systems. Many of the public-key systems we depend on, in everything from healthcare and finance to national infrastructure, could be rendered vulnerable by sufficiently powerful quantum attacks.
Given that we’re on the brink of this transition, it’s critical to start thinking about the long-term implications and prepare our systems for the inevitable shift. Migration to post-quantum cryptography requires careful planning, interoperability challenges, and risk management, especially in sectors with long lifecycle systems and high regulatory requirements.
By addressing these challenges proactively, we’re not only defending against a future threat, but also reinforcing current architectures to be more agile and resilient. This dual benefit is why I believe the transition must begin now.
Your Talk Was Presented To A Wide Audience At CyberWiseCon Europe 2024. Did You Receive Any Feedback From The Attendees Regarding Your Talk On Post-Quantum Cryptography?
Yes, the feedback was highly positive. Many attendees appreciated the practical approach I took to address the real-world challenges of transitioning large-scale systems to post-quantum algorithms.
The discussions that followed were insightful, especially around the trade-offs involved in terms of performance, integration risks, and the standardisation timelines for these cryptographic algorithms. It was encouraging to see that the audience recognised the urgency of starting this transition now, even as some aspects of the post-quantum landscape continue to evolve.
You Discussed The Transition Strategies From Current Cryptographic Systems To Post-Quantum Ones. What Do You See As The Biggest Hurdle For Organisations That Need To Make This Transition?
The biggest hurdle is the complexity of the transition itself. Many organisations are still using traditional encryption methods, and integrating post-quantum algorithms into their infrastructure is not a straightforward process.
This involves not just replacing old algorithms with new ones but ensuring compatibility with existing systems, addressing performance trade-offs, and re-engineering applications to maintain operational efficiency.
Beyond the technical refactoring, there are real concerns around interoperability, performance overhead and long-term support. Post-quantum algorithms tend to have larger key sizes and different computational profiles, which can impact system efficiency and user experience if not carefully managed.
Another major challenge is timing. Standardisation of post-quantum algorithms is still ongoing, which makes it challenging to commit to a specific solution.
You’ve Worked Extensively On Applying Cryptographic Algorithms In Secure Systems. What Practical Challenges Do You Foresee When Integrating Post-Quantum Cryptography Into Existing Infrastructures?
One of the main practical challenges will be ensuring backwards compatibility during the transition. Most existing systems and software were built with classical cryptographic algorithms, so swapping those out for post-quantum algorithms requires careful integration planning.
Careful integration planning is essential, especially in environments where systems must interoperate across different generations of security protocols.
For instance, encrypting sensitive data in a way that remains secure even with the advent of quantum computing in the future requires us to consider hybrid systems that work with both current and post-quantum algorithms during the transition period. This allows organisations to begin the migration while still supporting legacy systems and protocols.
Another challenge is the additional hardware requirements, as post-quantum algorithms tend to require more processing power, which may not be feasible for all devices, especially IoT devices, where hardware limitations may prevent direct adoption without redesign or optimisation.
The Conference Brought Together Academics, Cryptographers, And Security Engineers. What Were Some Of The Most Interesting Or Surprising Insights You Gained From Your Interactions With Other Experts In The Field?
What struck me most was how quickly the community is moving forward in terms of collaboration. There is a growing consensus on the importance of preparing for quantum threats, even if the threat is still several years away. The urgency is real, especially for systems that must remain secure long-term.
What was particularly interesting was how the conversation has shifted from if we should prepare, to how we do it in practical, scalable ways. I had insightful exchanges with both academics working on formal security proofs and engineers tackling implementation challenges in constrained environments.
The willingness to share early findings, test results, and transition strategies is helping the entire ecosystem move forward faster and more responsibly.
During Your Career, You’ve Worked Extensively With Healthcare Systems. How Do Security Priorities Differ There Compared To Other Sectors?
The most fundamental difference is the risk context. In healthcare, a cybersecurity failure isn’t just a matter of financial loss or reputational damage; it can disrupt critical treatments, delay diagnoses, or even directly endanger patient lives. That changes the entire threat model. Protecting availability and safety becomes just as important as maintaining confidentiality and integrity.
Another challenge is technical diversity. Healthcare systems often run a mix of legacy devices, proprietary diagnostic equipment, and modern cloud-based platforms. A decade-old lab machine might share network space with a cloud-native analytics platform. That complicates segmentation, visibility, and control.
And finally, there’s the human factor. Clinicians and medical staff aren’t cybersecurity experts, nor should they be. Our job is to build security into systems in a way that supports care delivery without adding friction.
What Do You See As The Most Significant Gap In The Current Generation Of Cybersecurity Specialists?
One of the main gaps I observe is the lack of architectural thinking. Many cybersecurity specialists are highly skilled with individual tools and technologies, but they often struggle when tasked with designing systems that can withstand failure and remain resilient in the face of it. This kind of thinking is essential in healthcare, where the cost of failure is extremely high.
Another challenge is the lack of real-world, operational experience. Cybersecurity isn’t just about knowing the theory or configuring systems; it’s about making the right decisions in high-pressure environments. Maintaining operations while securing critical systems requires a level of calmness and decision-making that only comes from real-time, hands-on experience.
How Do You Address These Gaps In Your Role As A Mentor?
In my mentoring, I focus heavily on system-level understanding. It’s essential to view security as an integral part of the entire IT ecosystem, rather than as an afterthought or a set of isolated controls. I encourage thinking beyond the tools and toward designing resilient, scalable, and secure infrastructures from the ground up.
I also place a strong emphasis on practical, scenario-based learning. For example, we simulate high-pressure incidents where the response must be both immediate and carefully measured to avoid disrupting ongoing medical operations. This approach provides professionals with the hands-on experience they need to manage the chaos of a real-world breach without compromising patient care.
What Are The Main Areas Of Focus For You In Your Current Role?
Three main areas. First, post-quantum cryptography. We’re mapping out where legacy cryptographic algorithms live in our systems and how they’ll need to change.
Second, we’re strengthening supply chain security, particularly regarding medical IoT, by establishing validation procedures before devices reach the clinical floor. And third, I’ve started writing a book. It’s a technical guide to cybersecurity in healthcare environments. It draws from my experience across hospitals and research centres.
The book will cover real-world implementation patterns, regulatory challenges and how to introduce emerging technologies, such as AI and zero-trust security, into complex clinical environments. The goal is to provide a practical tool for architects, CISOs and engineers working in medical systems.
What Principle Has Remained Constant For You Throughout Your Career?
One principle that has remained constant throughout my career is that security must support operations. In environments like healthcare, if a security measure disrupts care delivery, it won’t be adopted, regardless of its effectiveness.
At the same time, security can’t be so passive or “invisible” that it allows breaches to go unnoticed. Our role is to build systems that are seamless and transparent when things are running smoothly, but that also have the capability to respond swiftly and effectively when something goes wrong, without interrupting critical care or research continuity.
Striking that balance between protection and practicality has always guided how I approach secure system design.