Post-quantum migration—
on the wire
Most PQC consulting stops at a slide deck. I assess the cryptography your systems actually negotiate, design the migration, and bridge the endpoints that can't be upgraded—proven in code, not just advice. Now taking a small number of early partners in Taiwan.
Why now
The waiting is over. The standards are final, the threat is active, and local guidance has landed.
The standards are final
NIST has ratified ML-KEM (FIPS 203) and its signature companions. There is no more "wait and see" — the algorithms you migrate to are decided. The only open question is how you get there without breaking production.
Harvest now, decrypt later
Adversaries are capturing encrypted traffic today to decrypt once quantum computers mature. Taiwan organizations sit unusually high on that target list. Every day on classical-only crypto adds to the corpus that will be readable later.
The guidance is local now
Taiwan's MODA has issued a PQC migration guideline and the FSC sets cryptographic standards for financial institutions — alongside CNSA 2.0 and M-23-02 abroad. Most organizations still can't answer the first question an auditor asks: what crypto are we running?
What I do
Three ways to engage, from a fixed-scope first step to hands-on deployment.
PQC Posture Assessment
A complete inventory of the TLS cryptography your systems actually negotiate — cipher suites, key-exchange groups, protocol versions, certificate chains — mapped against MODA, FSC, and CNSA 2.0, and delivered as a prioritized migration roadmap. Fixed scope, 2–4 weeks. Auditor-ready. Most engagements start here.
Migration Strategy & Advisory
Architecture review, algorithm and timeline selection, vendor evaluation, and hands-on guidance for your team. I help you sequence the migration so the hard-to-upgrade systems don't block the deadline.
Bridge Deployment
For the endpoints you can't upgrade — legacy software, third-party appliances, embedded devices — I deploy TLS Lane to negotiate post-quantum crypto on the wire and translate to classical systems transparently. PQC compliance for systems that will never natively support it.
Why work with me
I'm Wei-Hsiang Hsiung. I've spent a decade building inline TLS interception engines — a consumer-privacy appliance, then IBM Security's TLS inline decryption service, now TLS Lane — backed by 25+ years in security systems and 33 granted US patents. I don't advise on post-quantum migration from the outside; I build the machinery that does it.
- I built TLS Lane — a single-binary TLS splice agent that inventories live handshakes and upgrades them to post-quantum crypto (X25519+ML-KEM-768, FIPS 203), inline via eBPF or as a proxy. Deployed across a multi-host fleet with continuous interoperability testing.
- 33 granted US patents — in TLS protocol security, cryptographic key management, certificate handling, and network inspection. See the portfolio.
- Deep TLS internals — handshake, record layer, AEAD, cross-version (TLS 1.2 ↔ 1.3) bridging, certificate minting, identity-preserving mTLS. I read TLS as a wire format, not an abstraction.
- Systems and kernel networking — C++17, eBPF/TC, and the kind of security engineering where a bug is a key disclosure, not a 500.
- Compliance fluency — I speak both sides: the regulation your auditor cites and the codepoint on the wire that satisfies it.
- Based in Taiwan — bilingual (English / 繁體中文), your timezone, and available on-site for local partners.
Early-partner program
I'm working hands-on with a small number of Taiwan organizations as early partners. You get a direct line to the engineer who builds the tooling and a PQC posture assessment grounded in your real traffic; I get deployment feedback from the field. Limited slots.
Get in touch
The fastest start is a PQC Posture Assessment — in a few weeks you'll know exactly what crypto you're running and what it takes to get compliant. Low commitment, immediately useful, no obligation to go further.