About

LaMarr Labs exists because the organizations with the most at stake in the post-quantum transition have the least operational clarity on what it actually requires.

A small, senior practice. Every engagement is led personally by Addie LaMarr.

The Perspective Behind the Framework

“Eight years managing classified cryptographic systems under NSA directives yields a specific vantage point. The gaps in enterprise cryptographic governance are visible from inside the systems. That is where this practice was built.”

8 years · USAF COMSEC Specialist
NSA Cryptographic Directives
FBI CISO Advisor · DOJ
OJP CISO Advisor · DOJ
NIST High Value Asset Policy Contributor
International Keynote · CyberNova · Antwerp, 2026

Addie LaMarr built the Quantum Risk Migration Framework from a vantage point most advisory firms cannot replicate.

Eight years as a COMSEC Specialist in the United States Air Force: Wing-level cryptographic infrastructure, key material management under NSA directives, cryptographic incident investigation, and semi-annual account inventories across a multi-site operational environment. Then DOJ: advisor to the FBI CISO and the Office of Justice Programs CISO on enterprise security strategy, author of cybersecurity policy for DOJ components, and direct contributor to the NIST High Value Asset federal cybersecurity policy project.

That background shaped the methodology. Cryptographic risk in enterprise environments rarely lives where the documentation says it does. It lives in the vendor-managed TLS endpoint that never got explicitly scoped, the encrypted backup infrastructure that predates the current key management policy, the certificate authority three separate teams assume someone else is monitoring. The pattern recognition that finds those gaps comes from having been responsible for them, not from having studied them.

The practice works with financial services, life sciences, critical infrastructure, and complex enterprise environments, the places where “just migrate” is the wrong frame: vendor-controlled surfaces, long-lived sensitive data, and procurement constraints. The four-client limit, the independence from vendors and implementation, and the explicit handling of unknowns all follow from taking the data seriously.

The academic model behind the firm's portfolio tooling had an error its peer reviewers missed. She found it, and the authors confirmed it in writing.

What Guides This Work

Visibility before action

At LaMarr Labs, a cryptographic decision feeds a migration roadmap only once it traces to verified evidence; until then it stays in discovery work. When evidence is missing, the accurate label is Unknown, and that label keeps downstream decisions off false confidence.

Governance before engineering

Post-quantum transition fails at the governance layer before it fails at the technical layer. Unclear ownership, vendor dependencies that weren't mapped, and migration sequences that don't account for contractual constraints produce planning documents that engineering teams cannot execute.

Independence from vendors and implementation

LaMarr Labs does not sell tools, resell vendor products, or bundle implementation into advisory retainers. The roadmap must be credible when it recommends not migrating certain systems, delaying certain waves, or applying vendor pressure that the vendor would not prefer.

Decision-grade clarity over analytical coverage

The deliverable is the minimum viable clarity that lets the board approve investment, the engineering team execute a sequence, and procurement apply appropriate vendor pressure, rather than the most comprehensive possible description of the cryptographic estate. The product is the decisions it enables.

If the framing here matches what your board, regulator, or executive team has started raising, the right next step is a briefing.

Request an Initial Briefing