Join this webinar to learn how modern private Certificate Authorities provide the foundation for managing machine identities at scale, while giving you the visibility, control, and automation required for today’s infrastructure.
Tim Callan
Chief Compliance Officer
As Chief Experience Officer, Tim Callan leads efforts to optimize the customer journey across all aspects of the business. Tim has more than 20 years of experience as a strategic marketing and product leader for successful B2B software and SaaS companies, with 15 years of experience in the SSL and PKI technology spaces.
Tim Callan has over 20 years of experience in the SSL and PKI technology spaces. Tim leads Sectigo's conformance with industry and regulatory requirements including browser root programs, WebTrust, CA/Browser Forum, and more. Tim is instrumental in driving initiatives to improve certificate agility and successful issuance. A founding member of the CA/Browser Forum and current vice-chair for one of its working groups, Tim is creator and co-host of Root Causes: A PKI and Security Podcast, the world’s most popular podcast dedicated to digital certificates. With 400+ episodes published, Tim is on the forefront of explaining trends that will be essential to the IT professionals, including shortening certificate lifespans and the coming change to post-quantum cryptography.
Recent posts by Tim Callan
We are freshly returned from the 2026 ETSI PQC Conference. We give a debrief on the conference, including the difference between post quantum cryptography (PQC) and quantum key distribution (QKD), the algorithmic zoo, PQC for blockchain, the Dunning Kruger Effect, and cryptographic Frogger.
We recently attended the Gartner Risk and Security conference for 2026, where we observed a great deal of attention on not only AI but also post quantum cryptography (PQC). Join us as we share the key takeaways.
2024 saw a flurry of high profile incidents for public CA, which we named the Bugzilla Bloodbath. We look back to see how the WebPKI has changed as a consequence.
Resource-constrained devices may need to address PQC through real-time, seed-based, key generation. Unfortunately, this leaves the full key exposed very briefly in RAM. The potential consequences of this are far-reaching and scary. We go into the details.
Sam Jaques of the University of Waterloo returns to discuss his tracking of progress in quantum computers and offer a perspective on moving our PQC deadlines up to 2029.
An emerging attack against AIs is to create a significantly complex and recursive prompt that will occupy the AI indefinitely or for a sufficiently long time that it acts as a Denial-of-Service (DoS) attack. We describe how this works.
In the latest in our coverage of government versus encryption, the UK issued secret orders to Apple to give it a cryptographic backdoor to Apple's advanced data protection capability for iCloud. Apple responded by eliminating encryption entirely for UK users. We break it down.
TLS 1.3 is required to take advantage of post quantum cryptography (PQC) algorithms. Yes, we still see a lot of TLS 1.2 or earlier in deployment. We examine why this is the case and what to do about it.