Interviews

Youssef El Maddarsi, Co-Founder and Chief Business Officer of Naoris Protocol – Interview Series

mm

Youssef El Maddarsi, Co-Founder and Chief Business Officer of Naoris Protocol, has spent years helping shape the company’s global business development strategy as it evolved from a cybersecurity startup into a broader post-quantum infrastructure platform. With a background spanning blockchain, AI, venture development, and international business strategy, El Maddarsi has focused on building partnerships and commercial adoption around decentralized security technologies. Beyond his role at Naoris Protocol, he has also expanded into advisory and venture initiatives through Naoris Consulting and Naoris Ventures, both centered on advancing decentralized infrastructure, AI-driven systems, and quantum-resilient technologies across sectors including finance, defense, robotics, and smart cities.

Naoris Protocol is developing what it describes as the world’s first decentralized post-quantum cybersecurity mesh, designed to secure both Web2 and Web3 systems against emerging cyber threats and future quantum computing risks. The platform operates as a “Sub-Zero Layer” beneath existing blockchain and digital infrastructure, using its decentralized proof-of-security (dPoSec) consensus mechanism, Swarm AI, and post-quantum cryptography to continuously validate the integrity of devices, applications, validators, and networks in real time. Rather than relying on centralized security models, Naoris converts devices into validator nodes that collectively monitor and strengthen network trust, with applications spanning DeFi, AI infrastructure, IoT, smart cities, enterprise systems, and critical infrastructure security.

You have spent over seven years helping build Naoris from the ground up, evolving from global business development to Co-Founder and Chief Business Officer. What originally convinced you that decentralized cybersecurity and post-quantum infrastructure would become inevitable, and how has that thesis evolved as quantum threats move from theoretical to demonstrable?

What convinced me was seeing the same security pattern repeat across markets: organisations were investing in more tools, but the model itself remained centralised, reactive, and dependent on trust assumptions that only became visible after failure.

The issue was not a lack of cybersecurity products. The issue was architecture. Most systems still rely on centralised points of control, delayed detection, and fragmented visibility. That creates blind spots, especially as digital infrastructure becomes more distributed across devices, cloud environments, supply chains, and machine-to-machine systems.

That is why we focused on decentralised cybersecurity: moving security from a perimeter model to a continuous validation model, where every participating device can help verify the security posture of the network in real time.

Quantum has made that thesis more urgent. Post-quantum cryptography was once treated as a future research topic. Today, standards are being finalised, migration plans are being discussed by governments and major technology companies, and demonstrations are showing that the timeline is moving from theoretical to practical. For me, the thesis has evolved from “this will eventually matter” to “resilient infrastructure needs to prepare now.”

Several industry advisory groups have warned that the window for migrating to quantum-safe cryptography is already narrowing. From your perspective, how urgent is this threat in practical terms, and are institutions still underpricing the timeline?

The risk is urgent because migration is not a switch. A cryptographically relevant quantum computer may not exist today, but the systems that need to migrate are large, complex, and deeply embedded.

Public-key cryptography sits inside identity systems, secure communications, payment infrastructure, financial platforms, authentication flows, software supply chains, hardware devices, and enterprise systems. Replacing or upgrading those foundations requires inventory, testing, vendor coordination, regulatory alignment, and operational planning.

Institutions are still underpricing the timeline because they tend to focus on when the quantum threat becomes real, rather than how long migration will take. The more relevant question is: how many years does an organisation need to become cryptographically agile, test hybrid approaches, and move critical systems away from quantum-vulnerable algorithms?

There is also the harvest-now-decrypt-later problem. Sensitive data collected today may remain valuable for years. That makes the threat immediate for sectors such as finance, healthcare, defence, government, energy, telecoms, and critical infrastructure. Waiting for a public breakthrough before beginning migration would be the wrong strategy.

An independent researcher recently demonstrated a successful quantum attack on a small elliptic-curve key using publicly available hardware. Does this mark a true inflection point, or is it still more of a warning shot than an immediate systemic risk?

It is a warning shot, but an important one. It does not mean that modern production systems are suddenly broken. Today’s widely used cryptographic keys remain far beyond the capability of current publicly available quantum machines.

What matters is the direction of travel. Demonstrations like this move quantum risk out of the purely theoretical category and into the realm of practical experimentation. Even when the immediate target is small, it helps the industry understand how quickly techniques, hardware access, and resource estimates can evolve.

So the right response is not panic. The right response is preparation. Organisations should use these demonstrations as a trigger to build cryptographic agility, identify exposed cryptographic dependencies, and create migration paths before the pressure becomes operational.

The industry often frames post-quantum cryptography as a technical upgrade. Why do you argue that the real issue is governance rather than purely cryptographic implementation?

Because the algorithms are only one part of the problem. NIST has finalised post-quantum standards, which gives the market a much clearer technical foundation. But having standards does not automatically migrate an ecosystem.

The harder question is governance: who decides when to migrate, who pays for the transition, which systems move first, what happens to legacy infrastructure, and how organisations avoid creating new risks during the upgrade.

This is especially important for shared infrastructure. Enterprises, cloud providers, identity systems, financial institutions, vendors, regulators, and customers all have to move in a coordinated way. If one part of the ecosystem is ready and another is not, the overall risk remains.

That is why post-quantum readiness is not just a cryptography project. It is an infrastructure governance project. The institutions that perform best will be those that build cryptographic agility early, establish clear ownership, and treat migration as a long-term resilience programme rather than a last-minute software patch.

Many digital systems rely on exposed public keys or legacy public-key cryptography. If migration is not coordinated globally, what realistically happens to those assets and systems in a post-quantum scenario?

Without coordination, exposure becomes uneven and difficult to manage. Some organisations will migrate early, some will move slowly, and some legacy systems may remain vulnerable for years because they are dormant, difficult to upgrade, or poorly inventoried.

That creates a long tail of risk. Any system with exposed or long-lived public keys could become a priority target once quantum capability matures. The challenge is not only technical compromise; it is also loss of confidence. Users, customers, counterparties, and regulators need assurance that the trust layer behind digital systems is being actively protected.

The realistic outcome of an uncoordinated migration is fragmentation. Some platforms may restrict old formats, some may force upgrades, some may rely on hybrid protections, and others may leave legacy risk in place. None of those options is ideal if they happen under pressure.

The better path is to plan migration before the crisis point: identify vulnerable systems, create transition rules, communicate timelines, and give users and institutions enough time to move safely.

Which sectors relying on cryptographic trust infrastructure are most exposed today, and where could a quantum breakthrough cause the most immediate economic disruption?

Financial services are among the most exposed because cryptography underpins identity, authentication, settlement, custody, messaging, and transaction authorisation. If the trust layer is weakened, the impact can be immediate and systemic.

But the exposure is much broader than financial markets. Healthcare depends on long-lived confidentiality. Energy and telecoms depend on resilient operational systems. Supply chains depend on integrity and provenance. Governments and defence organisations depend on secure communications and identity. As more infrastructure becomes software-defined and machine-to-machine, cryptographic trust becomes a foundation for daily operations.

A quantum breakthrough would therefore not be limited to one technology category. It would challenge the assumptions behind secure communications, digital identity, data integrity, operational continuity, and legal accountability.

That is why this has to be treated as a cross-sector resilience issue. Post-quantum readiness is not only about protecting data. It is about preserving trust in the digital systems that modern organisations and economies rely on.

Enterprises already running distributed, cloud-based, or cryptographically secured systems face a different risk profile than retail users. What does a credible migration timeline look like for large institutions that cannot simply “upgrade overnight”?

For large institutions, credible migration starts with cryptographic agility: the ability to change cryptographic primitives without redesigning the entire business.

The first phase is discovery. Organisations need to know where vulnerable cryptography exists across applications, certificates, APIs, identity systems, key management, hardware security modules, vendor products, cloud services, and third-party dependencies. Many institutions do not yet have that full inventory.

The second phase is hybrid deployment. That means testing post-quantum algorithms alongside existing classical systems so organisations can manage performance, interoperability, compliance, and operational risk.

The third phase is staged migration. Critical systems should move first, followed by broader enterprise systems as standards, vendor support, and ecosystem compatibility mature.

This is a multi-year process. That is why the correct time to begin is before the threat becomes urgent. By the time a quantum breakthrough is visible to the market, the safest migration window may already have narrowed.

Naoris focuses on transforming devices into validation nodes within a decentralized trust mesh, where every component continuously verifies others in real time. How does this architecture change the way we think about securing digital infrastructure against quantum and systemic cyber threats?

Traditional cybersecurity assumes trust first and reacts when that trust fails. Naoris starts from the opposite premise: trust should be continuously proven.

The architecture turns participating devices and endpoints into part of a decentralised security-validation mesh. Instead of relying only on a central authority or a static perimeter, devices can help verify the security posture and integrity of the wider environment in real time.

That changes the model from passive defence to active resilience. Security becomes continuous, distributed, and measurable. A compromised or misconfigured component can be identified faster because it is being assessed by the network rather than only by a central monitoring layer.

Post-quantum readiness fits naturally into this model. Quantum risk is not something that can be solved by adding a single tool at the edge. It has to be embedded into the trust architecture, with cryptographic agility, continuous validation, and support for post-quantum standards built into the infrastructure itself.

A separate Layer-1 Web3 ecosystem uses $NAORIS as its utility token. How should readers understand the relationship between that ecosystem and Naoris’s cybersecurity work?

It is important to be very clear on the structure. Naoris, the cybersecurity business I represent, is legally and operationally separate from the independent entity that offers the Layer-1 Web3 ecosystem where $NAORIS functions as a utility token. I do not speak on behalf of that entity, and I am not involved in token issuance, token listings, exchange activity, token governance, or ecosystem economics.

At a high level, $NAORIS belongs to that separate Web3 ecosystem. Its use cases are blockchain-native and relate to participation in the Layer-1 network and Web3 applications built around that environment. Any token-related matters sit with that separate entity.

My focus is Naoris’s cybersecurity infrastructure: decentralised security validation, post-quantum readiness, enterprise resilience, and digital trust. Those areas can be conceptually adjacent to Web3 infrastructure, but they are not the same business, legal structure, or operational mandate.

That distinction matters. Naoris’s role is cybersecurity and infrastructure resilience. The token is part of a separate Web3 ecosystem, and I do not represent or speak for that ecosystem.

Looking ahead, do you expect a gradual transition to post-quantum infrastructure, or will the industry be forced into a sudden, reactive migration triggered by a breakthrough event?

I expect both. The most prepared organisations will transition gradually. They will inventory their cryptography, build cryptographic agility, test hybrid systems, and move critical infrastructure toward post-quantum readiness before they are forced to do so.

But a large part of the market is still waiting for a more visible trigger. That is risky. A major quantum demonstration, a credible acceleration in hardware capability, or a high-profile incident could turn a planned migration into a rushed emergency.

The danger is not only the arrival of quantum capability. The danger is the gap between awareness and action. Organisations know this transition is coming, but many have not yet assigned ownership, budget, or timelines.

The institutions that act early will have more control over the process. Those that wait may find themselves trying to migrate complex infrastructure at exactly the moment when confidence, time, and operational flexibility are lowest.

Thank you for the great interview, readers who wish to learn more should visit Naoris Protocol.

Antoine is a visionary futurist and the driving force behind Securities.io, a cutting-edge fintech platform focused on investing in disruptive technologies. With a deep understanding of financial markets and emerging technologies, he is passionate about how innovation will redefine the global economy. In addition to founding Securities.io, Antoine launched Unite.AI, a top news outlet covering breakthroughs in AI and robotics. Known for his forward-thinking approach, Antoine is a recognized thought leader dedicated to exploring how innovation will shape the future of finance.