The only firm built exclusively for PQC transition.

QSA was founded by former ASD cryptographers and Commonwealth CISOs with a single mandate: help Australian government and critical infrastructure navigate the transition to Post-Quantum Cryptography before the window closes.

40+

Government engagements

ASD-cleared principals

100%

Advisory — no software

2019

Founded — PQC-only

Why organisations choose QSA.

PQC transition is a once-in-a-generation cryptographic change. The advisory firm you engage needs deep technical capability, government-grade experience, and zero conflicts of interest. QSA was built for exactly this.

Government-native practice

Our principals have held cryptographic governance roles inside Commonwealth agencies and possess active security clearances. We do not parachute in generalists — we deploy practitioners who have operated in the environments they are assessing.

No software to sell

QSA is a pure advisory practice. We have no product revenue, no vendor agreements, and no incentive to recommend any particular PQC toolset. Our recommendations are determined entirely by your estate and your risk profile.

Artefact-first methodology

Every engagement produces discrete, standalone artefacts that your organisation owns unconditionally. We design our deliverables to persist — and to survive QSA's departure from the engagement.

ASD alignment from first principles

We do not retrofit ASD compliance as a checklist exercise. Our methodology was designed from the ground up against the ASD ISM, PSPF, and the 2026–2030 PQC mandate timeline — so alignment is structural, not cosmetic.

OT and IT capability

Most advisory practices cannot credibly assess operational technology environments. QSA has a dedicated OT cryptography capability, with practitioners who understand ICS, SCADA, and the asset-lifetime constraints that make OT environments categorically different.

Executive and technical fluency

We write for boards and for engineers in the same engagement. Our deliverables bridge the governance narrative required at the executive level and the technical specificity required to populate a backlog — without producing two separate documents.

The principals.

Dr. Sarah Chen

Founding Partner — Cryptography

Former lead cryptographer at the Australian Signals Directorate. 18 years in applied cryptography and government-grade security architecture. Holds a PhD in lattice-based cryptography from ANU. Led the ASD's internal PQC transition planning programme before founding QSA.

PhD, Lattice-based Cryptography (ANU)

Former ASD Senior Cryptographer

FIPS 203/204/205 working group contributor

James Whitfield

Founding Partner — Government Advisory

Former CISO at Services Australia and Deputy Secretary in the Department of Finance. 22 years in Commonwealth technology governance, risk, and security. Designed the cryptographic governance framework adopted across the Australian Public Service in 2022.

Former CISO, Services Australia

Former Deputy Secretary, Finance

AICD Fellow

Priya Nair

Principal — Critical Infrastructure

Specialist in OT/IT convergence security and cryptographic risk for critical infrastructure operators. Previously led the cybersecurity function at a major ASX-listed energy company. AESCSF assessor and APRA CPS 234 advisory specialist.

AESCSF Assessor

APRA CPS 234 Specialist

Former CISO, Energy Sector

Regulatory and standards alignment.

Australian Signals Directorate — PQC mandate alignment

Protective Security Policy Framework (PSPF)

Information Security Manual (ISM)

APRA CPS 234 — Information Security

AESCSF v2.0 — Energy Sector

NIST FIPS 203 / 204 / 205

ISO/IEC 27001

Who we work with.

Federal Government

Portfolio agencies, shared services, regulatory bodies

16+

Critical Infrastructure

Energy, water, transport, communications

12+

Defence Industry

Primes and tier-2 suppliers with ITAR/EAR obligations

Financial Services

ADIs, insurers, and payment infrastructure operators

Request a briefing