TLS and PKI Migration to Post-Quantum for a Cross-Border Bank
Overview
What this challenge is about.
Receive an anonymized TLS inventory (endpoint, current cipher suite, TLS version, certificate issuer, last rotation, business criticality) and the bank's PKI hierarchy. Score endpoints on PQC-readiness (TLS 1.3 yes/no, library version, controllability). Design a hybrid-handshake pilot on 30 endpoints using a TLS 1.3 hybrid key-exchange (X25519+ML-KEM-768) with named telemetry (handshake latency, error rate, client-compat coverage). Build the 36-month roadmap covering PKI re-issuance under ML-DSA, library upgrade waves, vendor dependencies, and a crypto-agility runbook. Deliver: 18-page strategy + roadmap, 8-page pilot design, crypto-agility runbook, and a board readout deck.
The Brief
What you'll do, and what you'll demonstrate.
Design a defensible 36-month PQC migration plan with a 30-endpoint hybrid-handshake pilot that the BaFin examiners will accept as evidence of cryptographic agility.
Earning criteria — what you'll demonstrate
- Inventory TLS endpoints and score PQC-readiness defensibly
- Design a TLS 1.3 hybrid key-exchange pilot with measurable telemetry
- Sequence PKI re-issuance under ML-DSA across a 4-tier hierarchy
- Write a crypto-agility runbook a DORA examiner will accept
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Career mappings coming soon.