Academy Sports + Outdoors operates 301 retail locations across 21 states, processing transactions for hunting, fishing, camping, and sports equipment while managing both physical and digital commerce infrastructure. The company reported $6.4 billion in sales for fiscal 2022, operating a retail environment that requires securing point-of-sale systems, inventory management platforms, customer data, and payment processing across a distributed footprint from headquarters in Katy, Texas. The technical environment runs on AWS cloud infrastructure with a mixed operating system environment spanning Windows, Linux, Unix, macOS, and legacy AS400 systems - a combination that creates specific challenges for consistent security controls and monitoring.
The threat model is standard retail: card data protection requirements under PCI DSS, customer PII exposure risks across e-commerce and in-store systems, supply chain integrity for inventory systems, and the operational technology securing 301 physical locations. With over 22,000 employees, insider risk management and identity governance across stores, distribution centers, and corporate systems represent ongoing operational security concerns. The mixed legacy and cloud infrastructure suggests ongoing modernization work where security architecture must bridge multiple technical generations.
Security operations here involve protecting distributed retail infrastructure, maintaining compliance frameworks for payment processing, and managing risk across a technology stack that serves both customer-facing commerce and back-office operations. The scale - hundreds of stores, billions in revenue, thousands of endpoints - means automation and tooling decisions have direct operational impact. Anyone joining the security team will be working in an environment where business continuity, fraud prevention, and data protection intersect with the practical constraints of supporting legacy systems while modernizing infrastructure.