Comment by BoppreH

> But what I don't see is what I can practically do now, as either someone who is a CTO/Big Cheese™ or a lowly engineer?

Migrate! The major TLS and OpenSSH applications already support PQC, for example.

1. Make sure you have the required dependencies (e.g., openssl 3.5+ is when a lot of PQC algorithms got support).

2. Make sure the client/server software is up to date (this might be all that's needed, e.g., OpenSSH 10.0+ enables PQC in-transit encryption by default, and so does Chrome 131+).

3. Enable PQC support in the configuration (e.g., "ssl_ecdh_curve X25519MLKEM768;" in Nginx).

If you are the developer of anything that's explicitly using RSA or ECC (or god forbid Diffie-Hellman), you can also migrate your own software, or at least make the algorithm selectable at initialization time instead of hardcoded. If you have vendors, ask them for their PQC migration roadmaps.

Note that with encrypted data you want to protect yourself against attackers that are capturing data today and waiting to break it in the future (Harvest-Now, Decrypt-Later). So migrating encryption is more urgent than migrating authentication.