Virtual Interview: “Mukund Sarma Is Redefining FinTech Security Through Innovation and Vision”

Mukund Sarma is a distinguished cybersecurity leader and the Head of Product Security at Chime Financial, Inc., where he oversees application security, cloud security, and data security initiatives. With over a decade of experience, Mukund has shaped FinTech security strategies for high-growth tech companies by developing innovative and impactful solutions that integrate seamlessly with engineering workflows. His leadership has redefined application security, cloud security, and data protection. Among his groundbreaking creations are Monocle, a gamified application security platform, and Overwatch, a serverless orchestration system that has revolutionized vulnerability mitigation practices.

Sachin Negi: Welcome, Mukund! As a top expert and thought leader in FinTech application security, can you please share your journey into this domain and how your work has reshaped industry practices?

Mukund: Thank you for having me. My journey began as a software engineer developing cryptographic key-sharing protocols, laying the groundwork for my expertise in securing sensitive data. Over time, I transitioned into roles emphasizing application and cloud security, culminating in leadership positions where I could directly influence long-term securitization strategies and shape strategic initiatives. 

A defining moment in my career came during my tenure at Credit Karma, where I spearheaded the development of a secure sandboxed environment that transformed how marketing teams operated by enabling large-scale marketing operations while upholding rigorous security standards. By ensuring robust security without slowing down business operations, this innovation became a benchmark adopted by peers throughout the industry. 

Currently, I lead the Product Security Organization at Chime Financial Inc., overseeing application security, cloud security, and data security, with my work currently centered on empowering developers with intuitive security tools. One such tool, “Monocle,” gamifies security practices, integrating seamlessly into workflows and fostering a culture of proactive security–a philosophy that has become one of the defining contributions of my career so far. This tool’s success was recognized with the 2024 CSO Award for its innovative approach to application security.

Sachin Negi: Why is there such an urgency around developing and adopting robust FinTech application security measures and practices? What’s truly at stake?

Mukund: FinTech is one of the most targeted industries by cybercriminals due to the value of the data and transactions it handles. For individuals, the stakes are deeply personal, as breaches can lead to identity theft, fraud, and the loss of sensitive financial data. For businesses, the risks are monumental—without robust security measures, data breaches can lead to financial loss, regulatory penalties, and severe reputational damage. 

Recent high-profile data breach incidents illustrate the escalating stakes in FinTech security. In July 2024, Evolve Bank & Trust–a critical partner to FinTech industry partners like Affirm Inc. and Mercury Technologies Inc.–fell victim to a ransomware attack that exposed the personal information of over 7.6 million individuals. Just months later, in November 2024, Finastra, a prominent London-based financial software provider to some of the world’s most prestigious banks, faced a catastrophic data breach in which hackers stole 400GB of highly sensitive data, shaking the industry to its core. These breaches highlight the critical importance of implementing comprehensive security measures to protect sensitive financial data and maintain trust in the FinTech industry.

With the increasing complexity of financial applications, especially those leveraging emerging technologies like AI, blockchain, and decentralized finance (DeFi), the attack surface has expanded significantly. Threat actors are evolving just as quickly, employing advanced tactics such as deepfake fraud and supply chain attacks. Without proactive security measures, businesses risk not only their operational integrity but also the trust of their customers—a cornerstone of any financial institution’s success.

The challenge is further compounded by the increasing interconnectedness of modern financial ecosystems, making a single breach capable of triggering cascading effects across multiple systems. This is why the development of scalable, innovative security tools and practices is non-negotiable. This interconnectedness demands innovative, scalable measures to safeguard not only operational integrity but also the trust that underpins financial systems. 

Sachin Negi: Your contributions to the industry have been transformative. Can you share a few key innovations and their broader impact on FinTech security?

Mukund: Certainly–at Chime, I spearheaded the development of “Overwatch,” a serverless security orchestration platform that automates vulnerability identification and mitigation. By reducing high-risk exposure by 90%, Overwatch has set a new industry standard and been adopted by leading organizations like SecurityScorecard, Inc. and Apiiro, setting new benchmarks for security automation. It has been recognized at BSidesSF and featured on prominent industry podcasts.

Another impactful tool I developed is a configuration-driven Service-to-Service Authentication and Authorization platform, currently under review for a USPTO patent. This platform has revolutionized API security at scale by enabling seamless scalability across hundreds of microservices. Its efficiency drew the attention of experts like Jason Chan, Netflix’s VP of Information Security, and Jacob Salassi, Snowflake’s Director of Product Security, leading to an invitation to present at esteemed forums like LocomocoSec 2024.

I have also developed patented blockchain technology that has garnered widespread recognition for the ability to address critical challenges in scalability and security, forming the backbone for platforms developed by companies like KNUCT Technologies and SoftPath Technologies, who rely on this technology to remain competitive in a crowded market. As a result, these developments have advanced blockchain’s practical applications, from asset tokenization to transaction optimization. 

These innovations—spanning API security, application security, and blockchain—demonstrate my commitment to creating scalable, impactful solutions that not only protect organizations but also enable their growth and success.

Sachin Negi: It’s clear that your work has reshaped the industry. How has the industry recognized your contributions?

Mukund: I’m honored to have received accolades such as the 2024 Global InfoSec Trailblazer Award from Cyber Defense Magazine, which celebrates transformative contributions to cybersecurity. My work has been featured in trade publications like Silicon UK and SC Magazine, and I’ve shared my insights at conferences such as BSides, RSA and on industry podcasts, including The Future of Application Security. Platforms like these provide invaluable opportunities to contribute to and shape critical discussions around the future of cybersecurity. 

Sachin Negi: Given your industry expertise, what trends and challenges do you foresee shaping FinTech security in the next five years?

Mukund: The FinTech industry is entering a period of rapid transformation, driven by emerging technologies and evolving threats. Emerging challenges include deepfake-based fraud and sophisticated supply chain attacks, which are becoming more prevalent and demand innovative tools beyond traditional security measures to detect and mitigate these advanced threats. As AI-based solutions gain adoption, traditional security tools—designed to detect deterministic vulnerabilities—are often insufficient to address these emerging threats. Decentralized finance (DeFi) is another major trend, introducing unique security paradigms that require holistic solutions due to its decentralized and trustless architecture. Addressing these issues will require significant innovation and the development of entirely new tools and approaches.

The regulatory landscape is also evolving quickly. Striking the right balance between security and innovation will demand close collaboration between industry leaders and policymakers–shared threat intelligence and unified frameworks can strengthen defenses across the industry. To stay ahead, the industry must embrace novel tools, shared threat intelligence, and unified security standards. These measures will be instrumental in maintaining the stability and trustworthiness of global financial systems. 

Sachin Negi: What are your recommendations to companies to proactively address emerging threats and anticipate the direction the industry is headed?

Mukund: The foundation of security lies in mastering the basics–maintaining accurate asset inventories, patching vulnerabilities promptly, and enforcing multi-factor authentication (MFA). These practices prevent most breaches. 

Beyond the basics, companies should adopt zero-trust architectures, invest in security automation, and integrate security into development workflows. Staying proactive by engaging in threat intelligence sharing and anticipating regulatory changes will further strengthen their defenses. Ultimately, fostering a culture of security awareness and adaptability is key to mitigating risks in an ever-evolving threat landscape. 

Sachin Negi: That’s very insightful. What advice would you give to aspiring professionals in the field?

Mukund: My advice is two-fold: focus on building strong technical skills and understand how security aligns with broader business objectives. Today’s security professionals must balance robust defenses without stifling business growth. Anticipate challenges and stay curious–innovation stems from foresight. Most importantly, embrace collaboration; the best solutions often emerge from cross-functional teamwork. 

Sachin Negi: Thank you, Mukund, for sharing your journey and insights. Your work has undeniably shaped the future of FinTech security.

Mukund: Thank you for having me. It’s been a pleasure discussing these critical topics and contributing to the ongoing evolution of the industry. 
