
Tuesday Jul 01, 2025
Parthasarathi Chakraborty on Building Architectural Assurance Functions
Most security architecture programs struggle to demonstrate their value because they focus on creating diagrams rather than driving implementation. Parthasarathi Chakraborty, Former Deputy CISO at Natixis CIB, shares his approach to transforming security architecture from theoretical frameworks to measurable business impact.
With experience ranging from Fortune 15 banks to mid-market companies, Partha gives Casey a peek into how his "architectural assurance function" bridges the critical gap between security requirements and engineering implementation, reducing incidents, accelerating deployment times, and proving security's ROI to business leaders.
Topics discussed:
- Why many organizations have security architecture in name only, with PowerPoint diagrams and Word documents that provide little practical guidance to engineering teams.
- How to turn high-level security principles into detailed engineering specifications that developers can actually implement.
- Tracking how architecture maturity reduces time-to-market for applications, minimizes configuration drift, and decreases security incidents.
- Building a specialized team with both technical depth and breadth to validate whether engineering implementations adhere to security requirements.
- Incorporating compliance standards, threat data, and security operations insights to create risk-based architectural requirements that address real-world threats.
- Codifying security blueprint requirements into cloud security posture management systems to detect and remediate drift automatically.
- Ensuring security requirements remain simple enough for teams to adopt while still addressing critical risks.
- Navigating initial resistance through clear communication, demonstrating value, and creating structured roles and responsibilities.
- Creating feedback loops between security architecture, engineering teams, and assurance functions to continuously improve both requirements and implementation.
- Evolving from reactive patching toward proactive security design that prevents vulnerabilities from reaching production.