About PQC Consultancy

Practical, transparent PQC migration for organisations that need expert guidance without enterprise price tags.

Our Mission

Making PQC Migration Achievable for Normal Organisations

Post-quantum cryptography migration is a significant undertaking, but it doesn’t require unlimited budgets or massive teams. We make PQC migration accessible for mid-market organisations — the ones with small security teams, fixed budgets, and real compliance deadlines.

We’re a new practice, backed by 25 years of cybersecurity consulting experience. We created PQC Consultancy because we saw a gap: enterprise consultancies charge £100k+ for PQC engagements, while smaller organisations are left to figure it out alone. We provide the same rigorous assessment methodology at price points that don’t require board-level procurement approval.

Our approach is practical: inventory your cryptographic estate, identify what’s vulnerable, map findings to vendor timelines, and deliver a prioritised migration plan your team can actually execute. No fear-mongering, no theoretical hand-waving — just clear, actionable guidance aligned to NIS2, DORA, and NCSC 2035 requirements.

Abstract visualization representing team collaboration and forward-looking vision

About INKASEC

PQC Consultancy is operated by INKASEC, a cybersecurity services company founded in 2017 and based in London, UK. We created PQC Consultancy as a dedicated practice to address the growing need for accessible post-quantum migration services. INKASEC brings established cybersecurity expertise across financial services, critical infrastructure, and technology sectors.

Our Team

GE

Gleb Etinzon

Director

25+ years in cybersecurity across financial services and critical infrastructure. Previously Head of IT Audit at Unilever. Gleb leads all client engagements personally, ensuring direct access to senior expertise from day one — not a junior consultant learning on your engagement.

Recent Engagement

Q4 2025 | Tier 2 Assurance

Global Escrow Services Company

We completed a Tier 2 Assurance assessment for a global escrow services company with several hundred protected assets across multiple environments. We identified instances of deprecated algorithms and challenging third-party dependencies, delivering a prioritised remediation roadmap within 3 weeks.

We’re building our case study portfolio and offer founding client rates. Get in touch to discuss.

How We Handle Your Data

Security of your source code and infrastructure data is paramount.

Isolation

All source code is processed in isolated, sandboxed environments with no internet access during analysis.

Encrypted at Rest

All uploaded files are encrypted using AES-256 at rest and TLS 1.3 in transit.

Auto-Deleted

Source code is automatically deleted after scanning. We retain only the CBOM output, never your code.

NDAs Available

We sign mutual NDAs before any detailed discussions about your infrastructure or security posture.

Hardening

All processing environments are fully hardened in line with CIS benchmark recommendations.

Strong Identity Management

Access to client data is on a strict need-to-know basis with least privilege principles enforced throughout.

Our Values

Security First

We never compromise on security. Our recommendations prioritise the protection of your data and systems above all else.

Honesty

We tell you what you need to hear, not what you want to hear. Realistic assessments lead to effective solutions.

Independence

We're not tied to any vendor or product. Our recommendations are based solely on what's best for your organisation.

Education

We believe in empowering our clients. Every engagement includes knowledge transfer so your team can maintain security independently.

Practicality

Academic theory is useful, but we focus on practical, implementable solutions that work in real-world environments.

Forward Thinking

We stay ahead of the curve, continuously researching emerging threats and solutions to keep our clients prepared.

Why We Are Different:

A Pragmatic Approach

  • Operational Ownership: We don’t just deliver reports; we provide the Programme Management necessary to oversee the total transformation of your servers, nodes, containers, and source code repositories.
  • Supply Chain Integrity: we help IT service suppliers meet the "reasonable expectations" of their customers by validating the resilience of their entire digital delivery chain.
  • Regulatory Precision: Our frameworks align with global regulatory requirements including UK NCSC roadmaps, EU mandates (NIS2, DORA), US guidance (NSA CNSA 2.0, CISA advisories, NIST standards), and emerging Asia-Pacific frameworks. We ensure your migration strategy satisfies insurers, auditors, and regulators across all jurisdictions where you operate.
  • Legacy Integration: We specialise in identifying and managing legacy systems that cannot be easily patched, providing clear, phased pathways to quantum-safe status.
  • Continuous Crypto-Agility: We go beyond static patches by embedding "crypto-agility" into your architecture. We help you transition from hard-coded, rigid encryption to modular systems that allow for the seamless swapping of algorithms. This ensures that as quantum standards evolve, your organisation can adapt instantly without another costly, ground-up infrastructure overhaul.

Industry Experience

  • Financial services and banking: Aligning legacy applications and payment processing systems with DORA resilience standards.
  • Healthcare and life sciences: Protecting long-term sensitive data, including genomic records and Electronic Health Records (EHRs), which must remain secure for 50+ years.
  • Technology and software: Enabling vendors to differentiate and grow by proactively addressing enterprise customers' quantum security requirements — turning PQC readiness into a competitive advantage and new revenue opportunity rather than just a compliance checkbox.
  • Critical infrastructure: Securing Industrial Control Systems (ICS) and Smart Grids under NIS2 mandates.
  • Telecommunications: Auditing the cryptographic handshakes between on-prem IT orchestration layers and physical network functions.
  • E-commerce and retail: Securing the high-volume transaction layer and customer identity management systems.
  • Manufacturing: Protecting Intellectual Property (IP) and securing automated supply chain logistics.

Ready to Work With Us?

Let's discuss how we can help your organisation prepare for the quantum future.

Get in Touch