About LaMarr Labs | Quantum Risk Governance & Cryptographic Advisory

About

LaMarr Labs exists because the organizations with the most quantum cryptographic exposure have the least operational clarity on what the transition actually requires.

A small, senior team. Advisory led by Addie LaMarr. Technical infrastructure supported by a CTO with backgrounds at Google and Citibank.

The Perspective Behind the Framework

4f 70 65 6e 20 74 68 65 20 64 6f 6f 72 20 74 6f 20 74 68 65 20 66 75 74 75 72 65 20 51 75 61 6e 74 75 6d 20 63 6f 6d 70 75 74 69 6e 67 20 77 69 6c 6c 20 72 65 64 65 66 69 6e 65 20 77 68 61 74 20 69 74 20 6d 65 61 6e 73 20 74 6f 20 62 65 20 73 65 63 75 72 65 20 4e 6f 20 73 65 63 72 65 74 20 69 73 20 70 65 72 6d 61 6e 65 6e 74 20 45 76 65 72 79 20 6c 6f 63 6b 20 77 61 73 20 62 75 69 6c 74 20 77 69 74 68 20 74 68 65 20 74 6f 6f 6c 73 20 6f 66 20 69 74 73 20 74 69 6d 65 4f 70 65 6e 20 74 68 65 20 64 6f 6f 72 20 74 6f 20 74 68 65 20 66 75 74 75 72 65 20 51 75 61 6e 74 75 6d 20 63 6f 6d 70 75 74 69 6e 67 20 77 69 6c 6c 20 72 65 64 65 66 69 6e 65 20 77 68 61 74 20 69 74 20 6d 65 61 6e 73 20 74 6f 20 62 65 20 73 65 63 75 72 65 20 4e 6f 20 73 65 63 72 65 74 20 69 73 20 70 65 72 6d 61 6e 65 6e 74 20 45 76 65 72 79 20 6c 6f 63 6b 20 77 61 73 20 62 75 69 6c 74 20 77 69 74 68 20 74 68 65 20 74 6f 6f 6c 73 20 6f 66 20 69 74 73 20 74 69 6d 65 4f 70 65 6e 20 74 68 65 20 64 6f 6f 72 20 74 6f 20 74 68 65 20 66 75 74 75 72 65 20 51 75 61 6e 74 75 6d 20 63 6f 6d 70 75 74 69 6e 67 20 77 69 6c 6c 20 72 65 64 65 66 69 6e 65 20 77 68 61 74 20 69 74 20 6d 65 61 6e 73 20 74 6f 20 62 65 20 73 65 63 75 72 65 20 4e 6f 20 73 65 63 72 65 74 20 69 73 20 70 65 72 6d 61 6e 65 6e 74 20 45 76 65 72 79 20 6c 6f 63 6b 20 77 61 73 20 62 75 69 6c 74 20 77 69 74 68 20 74 68 65 20 74 6f 6f 6c 73 20 6f 66 20 69 74 73 20 74 69 6d 65 4f 70 65 6e 20 74 68 65 20 64 6f 6f 72 20 74 6f 20 74 68 65 20 66 75 74 75 72 65 20 51 75 61 6e 74 75 6d 20 63 6f 6d 70 75 74 69 6e 67 20 77 69 6c 6c 20 72 65 64 65 66 69 6e 65 20 77 68 61 74 20 69 74 20 6d 65 61 6e 73 20 74 6f 20 62 65 20 73 65 63 75 72 65 20 4e 6f 20 73 65 63 72 65 74 20 69 73 20 70 65 72 6d 61 6e 65 6e 74 20 45 76 65 72 79 20 6c 6f 63 6b 20 77 61 73 20 62 75 69 6c 74 20 77 69 74 68 20 74 68 65 20 74 6f 6f 6c 73 20 6f 66 20 69 74 73 20 74 69 6d 65 

“Eight years managing classified cryptographic systems under NSA directives yields a specific vantage point. The gaps in enterprise cryptographic governance are visible from inside the systems — and that is where this practice was built.”

8 years · USAF COMSEC Specialist

NSA Cryptographic Directives

FBI CISO Advisor · DOJ

OJP CISO Advisor · DOJ

NIST High Value Asset Policy Contributor

International Keynote · CyberNova · Antwerp, 2026

Addie LaMarr built the Quantum Risk Migration Framework from a vantage point most advisory firms cannot replicate.

Eight years as a COMSEC Specialist in the United States Air Force: Wing-level cryptographic infrastructure, key material management under NSA directives, cryptographic incident investigation, and semi-annual account inventories across a multi-site operational environment. Then DOJ: advisor to the FBI CISO and the Office of Justice Programs CISO on enterprise security strategy, author of cybersecurity policy for DOJ components, and direct contributor to the NIST High Value Asset federal cybersecurity policy project.

That background shaped the methodology. Cryptographic risk in enterprise environments rarely lives where the documentation says it does. It lives in the vendor-managed TLS endpoint that never got explicitly scoped, the encrypted backup infrastructure that predates the current key management policy, the certificate authority three separate teams assume someone else is monitoring. The pattern recognition that finds those gaps comes from having been responsible for them, not from having studied them.

LaMarr Labs works with financial services firms, life sciences organizations, critical infrastructure operators, and complex enterprise environments where the cryptographic migration problem is genuinely hard: vendor-controlled surfaces, long-lived sensitive data, regulatory accountability, and procurement constraints that make “just migrate” the wrong frame.

The design of this practice follows from a specific conviction: the data being protected is real, and the failure modes in cryptographic governance have real consequences. The four-client limit, the structural independence from vendors and implementation, and the explicit handling of unknowns all follow from taking that seriously.

What Guides This Work

Visibility before action

Cryptographic decisions that cannot be traced to verified evidence don't drive migration roadmaps at LaMarr Labs. They drive discovery work. When evidence is missing, the accurate label is Unknown. That label prevents downstream decisions from being built on false confidence.

Governance before engineering

Post-quantum transition fails at the governance layer before it fails at the technical layer. Unclear ownership, vendor dependencies that weren't mapped, and migration sequences that don't account for contractual constraints produce planning documents that engineering teams cannot execute.

Independence from vendors and implementation

LaMarr Labs does not sell tools, resell vendor products, or bundle implementation into advisory retainers. The roadmap must be credible when it recommends not migrating certain systems, delaying certain waves, or applying vendor pressure that the vendor would not prefer.

Decision-grade clarity, not analytical coverage

The deliverable is not the most comprehensive possible description of the cryptographic estate. It is the minimum viable clarity that lets the board approve investment, the engineering team execute a sequence, and procurement apply appropriate vendor pressure. Volume is not the product. Decisions are.

4f 70 65 6e 20 74 68 65 20 64 6f 6f 72 20 74 6f 20 74 68 65 20 66 75 74 75 72 65 20 51 75 61 6e 74 75 6d 20 63 6f 6d 70 75 74 69 6e 67 20 77 69 6c 6c 20 72 65 64 65 66 69 6e 65 20 77 68 61 74 20 69 74 20 6d 65 61 6e 73 20 74 6f 20 62 65 20 73 65 63 75 72 65 20 4e 6f 20 73 65 63 72 65 74 20 69 73 20 70 65 72 6d 61 6e 65 6e 74 20 45 76 65 72 79 20 6c 6f 63 6b 20 77 61 73 20 62 75 69 6c 74 20 77 69 74 68 20 74 68 65 20 74 6f 6f 6c 73 20 6f 66 20 69 74 73 20 74 69 6d 65 4f 70 65 6e 20 74 68 65 20 64 6f 6f 72 20 74 6f 20 74 68 65 20 66 75 74 75 72 65 20 51 75 61 6e 74 75 6d 20 63 6f 6d 70 75 74 69 6e 67 20 77 69 6c 6c 20 72 65 64 65 66 69 6e 65 20 77 68 61 74 20 69 74 20 6d 65 61 6e 73 20 74 6f 20 62 65 20 73 65 63 75 72 65 20 4e 6f 20 73 65 63 72 65 74 20 69 73 20 70 65 72 6d 61 6e 65 6e 74 20 45 76 65 72 79 20 6c 6f 63 6b 20 77 61 73 20 62 75 69 6c 74 20 77 69 74 68 20 74 68 65 20 74 6f 6f 6c 73 20 6f 66 20 69 74 73 20 74 69 6d 65 4f 70 65 6e 20 74 68 65 20 64 6f 6f 72 20 74 6f 20 74 68 65 20 66 75 74 75 72 65 20 51 75 61 6e 74 75 6d 20 63 6f 6d 70 75 74 69 6e 67 20 77 69 6c 6c 20 72 65 64 65 66 69 6e 65 20 77 68 61 74 20 69 74 20 6d 65 61 6e 73 20 74 6f 20 62 65 20 73 65 63 75 72 65 20 4e 6f 20 73 65 63 72 65 74 20 69 73 20 70 65 72 6d 61 6e 65 6e 74 20 45 76 65 72 79 20 6c 6f 63 6b 20 77 61 73 20 62 75 69 6c 74 20 77 69 74 68 20 74 68 65 20 74 6f 6f 6c 73 20 6f 66 20 69 74 73 20 74 69 6d 65 4f 70 65 6e 20 74 68 65 20 64 6f 6f 72 20 74 6f 20 74 68 65 20 66 75 74 75 72 65 20 51 75 61 6e 74 75 6d 20 63 6f 6d 70 75 74 69 6e 67 20 77 69 6c 6c 20 72 65 64 65 66 69 6e 65 20 77 68 61 74 20 69 74 20 6d 65 61 6e 73 20 74 6f 20 62 65 20 73 65 63 75 72 65 20 4e 6f 20 73 65 63 72 65 74 20 69 73 20 70 65 72 6d 61 6e 65 6e 74 20 45 76 65 72 79 20 6c 6f 63 6b 20 77 61 73 20 62 75 69 6c 74 20 77 69 74 68 20 74 68 65 20 74 6f 6f 6c 73 20 6f 66 20 69 74 73 20 74 69 6d 65 

If the framing here matches what your board, regulator, or executive team has started raising, the right next step is a briefing.

Request an Initial Briefing