Repeat guest Chris McGrath joins us to discuss how increasingly strict regulations are requiring increased rigor, visibility, and auditability for enterprise digital certificates and PKI.
Tim Callan
Chief Compliance Officer
As Chief Experience Officer, Tim Callan leads efforts to optimize the customer journey across all aspects of the business. Tim has more than 20 years of experience as a strategic marketing and product leader for successful B2B software and SaaS companies, with 15 years of experience in the SSL and PKI technology spaces.
Tim Callan has over 20 years of experience in the SSL and PKI technology spaces. Tim leads Sectigo's conformance with industry and regulatory requirements including browser root programs, WebTrust, CA/Browser Forum, and more. Tim is instrumental in driving initiatives to improve certificate agility and successful issuance. A founding member of the CA/Browser Forum and current vice-chair for one of its working groups, Tim is creator and co-host of Root Causes: A PKI and Security Podcast, the world’s most popular podcast dedicated to digital certificates. With 400+ episodes published, Tim is on the forefront of explaining trends that will be essential to the IT professionals, including shortening certificate lifespans and the coming change to post-quantum cryptography.
Recent posts by Tim Callan
Senior cyber security advisor Chris McGrath joins us to discuss redefining digital certificates and their role in your organizational security profile, increasing regulation of certificates, and how enterprises can up their certificate game.
We name the ten enterprise environments and use cases that are most likely to be late adopters of post quantum cryptography (PQC).
We discuss the foundational importance of time in PKI and security in general. This includes when things happen, the order in which things happen, and attacks based on time-spoofing. We drill down on certificates, roots, timestamping, Certificate Transparency, patching, audits, and PQC.
In our concluding episode on the topic, we scrutinize arguments make for and against QWACs, this time focused on "compliance and interoperability."
In our second of three episodes on the topic, we scrutinize arguments make for and against QWACs, this time focused on "governance and sovereignty."
In 2026, state and local governments must adopt automation, Zero Trust, and certificate lifecycle management to strengthen cybersecurity resilience.
Security Debt: The risk you didn’t budget for
As a follow up to our episode 546, we break down the first of three sets of arguments about QWACs and examine their level of validity.