The Future of Digital Trust: Tim Callan on Certificates, Cryptography, and Identity
Podcast: The Digital Executive (Coruzant Technologies)
Episode: 1138
Date: November 2, 2025
Guest: Tim Callan, Chief Experience Officer, Sectigo
Host: Brian Thomas
Episode Overview
This insightful 10-minute episode explores the future of digital trust through the lens of certificates, cryptography, and digital identity. Tim Callan, a seasoned leader in PKI and SSL, discusses the increasing importance of digital certificates, the move to ever-shorter certificate lifespans, preparations for the post-quantum era, and the evolving landscape of digital identity—including what it means for organizations and everyday users. The conversation combines practical advice with high-level perspectives on managing trust and security in an increasingly digital world.
Key Discussion Points & Insights
1. Foundations of Digital Trust and Tim's Career Path
[01:25 - 02:54]
- Tim was drawn to SSL and digital certificates at the inception of the World Wide Web, recognizing early that digital identity and PKI were becoming foundational for safe digital transactions.
- The necessity for trust online—knowing you’re really communicating with your bank, retailer, or other entities—sparked his interest and eventually guided his career.
- Tim emphasizes the invisibility but critical importance of digital trust:
"Without this concept of digital identity and PKI, we can't do anything. We would be back to pen and paper. This podcast wouldn't be happening. Our phones wouldn't work, our financial systems wouldn't work..." – Tim Callan [01:50]
2. Shortening Certificate Lifespans and the Move to Automation
[03:34 - 05:25]
- Certificate lifespans have shrunk dramatically: from 5–10 years historically, to 1 year now, and soon to 6 months; the industry is moving towards monthly renewals.
- Security is enhanced with shorter certificates:
"Shorter certificates are more secure... a shorter lifespan cert just gives them you a lower risk window... to exploit you and run their attacks." – Tim Callan [03:54]
- The operational impact is significant; manual processes are no longer sustainable at this cadence.
- Enterprises must embrace automation to avoid outages and manage renewals seamlessly.
- Tim encourages IT leaders to advocate internally and prepare budgets for necessary automation:
"...if we don't automate, there are going to be bad impacts." – Tim Callan [05:13]
3. Key Findings: State of Crypto Agility Report
[06:15 - 08:06]
- Sectigo’s report examines both short certificate lifespans and organizational preparedness for post-quantum cryptography (PQC).
- High concern about shortened certificate validity:
"96% of organizations express concern about the impact that shorter certificates are going to have on their organizations, which is huge." – Tim Callan [07:09]
- Less than 20% of organizations feel "very prepared" to manage a 47-day certificate renewal cadence.
- On PQC: only 15% feel "extremely confident" in integrating new cryptography without major disruption.
- There’s positive movement—90% of organizations are increasing budgets for PQC readiness.
- Automation for short certificate lifespans and PQC integration can be tackled together strategically:
"...the two initiatives are very related and in a lot of ways you can kill both birds... with a single stone." – Tim Callan [08:01]
4. The Future of Digital Trust: Identity, Invisibility, and IoT
[08:57 - 12:37]
- Digital identity will soon be mainstream for all individuals and devices; the EU and US are both moving towards digital wallets and electronic IDs.
- Every process and system will have a digital identity; users may not be involved in management, but will benefit from streamlined experiences.
- Tim distinguishes between types of identities:
"The identity of that website and the identity of me as a signer have some different qualities about them." – Tim Callan [08:59]
- Trust infrastructure might become “invisible” to users (handled by backend systems like CDNs), but underlying technical accuracy remains vital.
- Education for technical professionals is crucial—the public need not know implementation details, but must be able to trust the system works.
- Privacy concerns are significant; safeguards (such as strong PKI and resistance to government-mandated backdoors) must be upheld:
"...if we make encryption correct, then it doesn't matter about the intent of anybody... they simply can't break the encryption whether they want to or not." – Tim Callan [11:55]
"Cryptography and the PKI implemented correctly really is unassailable as long as we make it that way." – Tim Callan [12:30]
Notable Quotes & Memorable Moments
- On the critical invisibility of PKI:
"...it's such a basic and important thing that is so invisible to so many people. And I love the idea of helping make that stronger and better and really committed my career to that." – Tim Callan [02:32]
- On organizational challenges and automation:
"...we need to really focus on automation, on putting systems in place that are going to help us run these things automatically, just as a matter of business without a human being have to do a thing." – Tim Callan [04:32]
- On the interconnected nature of cryptographic modernization:
"...the two of them are connected. But the good news on the PQC side is that 90% of organizations have increasing budget allocation coming." – Tim Callan [07:51]
- On the future ubiquity of digital identity:
"...every digital process and entity everywhere needs to have an identity associated with it." – Tim Callan [09:49]
- On privacy versus government backdoors:
"There certainly are threats that come against that from things like some governments... who want to install back doors. I believe that those things would be very detrimental to our overall security and our privacy, and I believe we should resist those ideas." – Tim Callan [12:12]
Key Timestamps
- [01:25] How Tim got into PKI, and why digital trust matters
- [03:34] Challenges of shorter certificate lifespans and need for automation
- [06:15] State of Crypto Agility report: survey findings and enterprise concerns
- [08:57] How digital identity will shape the next decade
- [11:50] Privacy, technical correctness, and the risks of government backdoors
Takeaways
- Digital trust infrastructure underpins all digital systems—security, reliability, and privacy depend on it.
- Enterprises must prepare for shorter certificate cycles and the coming wave of PQC, which requires both automation and cultural adaptation.
- Digital identities will soon touch every individual and system, often invisibly, but require robust professional stewardship.
- Ongoing vigilance against threats—technological and regulatory—is vital to preserve trust and privacy.
This episode is a concise yet comprehensive tour through the pressing changes in digital trust, offering both strategic and practical guidance for technology leaders and professionals.
