Navigating Quantum Risks: From Summer School Student to Presenting at De Nederlandsche Bank (DNB)

Each year in August, Security Delta (HSD) organises the International Cyber Security Summer School (ICSSS), in collaboration with NCI Agency, Europol, Leiden University, and several other HSD partners. It is a multiple-day event with one important goal: to prepare upcoming talent for a career in cyber security. Students (PhD, Master) and starters/young professionals will broaden their knowledge about cyber security and will get the chance to partake in a wide array of lectures and challenges on the most current issues and topics in the field of cyber security. 

The programme offers several aspects such as interesting lectures by renowned experts, insiders’ perspectives, group assignments, and fun social activities including company visits and excursions. To learn more about the opportunities the programme can offer, we sat down with Ini Kong, alumnus of the ICSSS 2024.

From academic curiosity to cybersecurity commitment

Ini Kong applied to the ICSSS to strengthen her foundational knowledge in cybersecurity and gain practical exposure to the challenges organisations face. As part of her PhD research, she focuses on supporting public and private organisations in preparing for cryptographic transitions driven by emerging quantum risks, aligning technology, governance, and organisational strategy to enable secure adoption of post quantum technologies.

When Ini began her PhD, cybersecurity was largely new to her. She quickly embraced a steep learning curve and developed a strong working understanding of its fundamentals. She has always been eager to learn from industry experts and apply insights in practical contexts, Ini explains. Thus, ICSSS offered a unique opportunity to engage with professionals, understand real-world challenges, and exchange ideas with peers.

Expectations

Before attending, Ini expected the ICSSS to provide advanced technical knowledge alongside meaningful dialogue with practitioners. She hoped to gain insights that would complement her research and deepen her understanding of how organisations address cybersecurity challenges in complex and evolving environments.

The expectations were fully met from the case-based exercises and expert-led lectures from organisations including NCSC-NL, De Nederlandsche Bank, KPN, Booz Allen Hamilton, Accenture, Secura, PRODAFT, and Group-IB. Beyond technical knowledge, the program reinforced the importance of strategic and human considerations in securing digital transformations and strengthened my understanding of current practices and the cyber threat landscape.

The on-site visits to the NATO Communications and Information Agency (NCIA) and Europol had the greatest impact on her, Ini says. Visiting NCIA offered practical exposure to large-scale security infrastructures, while the trip to Europol provided valuable insights into transnational cybercrime operations. In addition, the interactive group exercises offered different but equally important learning opportunities. The board game exercise with Booz Allen Hamilton allowed her to collaborate with peers to analyse scenarios, discuss potential actions, and make strategic decisions.

The experience gave Ini insight into how decisions play out in practice, the complexities involved, and the importance of working effectively as part of a team while considering multiple perspectives.

Navigating the quantum transition: lessons from the DNB challenge

Ini Kong participated in a challenge given by De Nederlandsche Bank (DNB), which focused on exploring the practical implications of quantum threats for the financial sector and the adoption of post-quantum cryptography (PQC). Their discussions began with Elliptic Curve Cryptography (ECC) and the challenges associated with its adoption. Although ECC was proposed in the 1980s and offers strong security, it was not widely implemented in real systems until the 2000s and 2010s. They learned that many organisations even today continue to face difficulties in adopting it fully, due to legacy systems, interoperability issues, regulatory requirements, and operational complexities.

One of the key insights from the challenge was that moving to PQC presents greater difficulties than previous transitions, and familiar obstacles from earlier adoptions, such as ECC, often persist. This experience highlighted that transitioning to secure cryptography is not only a technical task but also an organisational and strategic one, requiring careful coordination across teams and institutions.

Another insight was that collaboration across diverse backgrounds not only deepened my understanding of the complexities of PQC adoption but also highlighted how knowledge sharing and teamwork are essential for navigating technical, organisational, and strategic challenges in practice.

Presenting her research at DNB

Ini Kong was invited to present her PhD research at DNB, which focuses on how organisations can coordinate their actions to achieve quantum safety. Ini's work proposes a roadmap based on a growth model to support a smooth and secure transition to PQC, highlighting that security cannot be achieved in isolation. If organisations are not secure together, the broader ecosystem remains vulnerable. The transition to PQC involves socio-technical challenges, including new algorithms, evolving standards, and broader ecosystem dependencies. This makes adoption inherently complex and emphasises the need for careful planning, cooperation, and alignment across technical, regulatory, and organisational levels. The presentation at DNB helped Ini understand the bank’s perspective and examine its regulatory role in supporting PQC transitions.

Following the presentation, Ini had valuable discussions with practitioners about PQC. While these conversations did not lead to formal follow-up research or new opportunities, they provided insight into their work and how organisations address practical challenges, including resilience and crisis management, in implementing new cryptographic solutions within the financial sector.

Cybersecurity as a multidisciplinary endeavour

ICSSS contributed to Ini's professional development by emphasising that cybersecurity extends beyond technology. The program highlighted that cybersecurity is multidisciplinary and requires a balance of technical expertise, operational practices, and organisational strategy. ICSSS provided opportunities to collaborate with colleagues from diverse backgrounds and engage with practitioners, allowing Ini to broaden my perspective and learn from their expertise.

Reflecting on her journey, Ini has grown both professionally and personally;

ICSSS enabled me to build strong professional networks, meet like-minded experts, and deepen my understanding of cybersecurity from both technical and practical aspects. On a personal level, the experience fueled my curiosity and reinforced my commitment to applying my knowledge while further developing the skills required to tackle complex challenges. I look forward to building on this foundation and making meaningful contributions at the intersection of security, technology, and organisation.

 

More information about ICSSS 2026

This year's edition will take place from 16 - 21 August 2026. Interested in participating or learning more about future ICSSS editions? Visit the ICSSS website here!