The threat model at Entergy starts with the grid itself - 16,100 circuit miles of high-voltage transmission lines and 107,000 circuit miles of distribution infrastructure feeding 3 million customers across Arkansas, Louisiana, Mississippi, and Texas. That's a massive attack surface spanning operational technology (OT) and IT, where a compromised SCADA system or phishing foothold doesn't just mean data loss; it means physical disruption to critical infrastructure serving a 91,000-square-mile service area. The company operates roughly 24,000 megawatts of generation capacity, making the blast radius of any serious cyber incident a regional concern, not just a corporate one.
Entergy's security teams operate at the convergence of industrial control systems and enterprise networks - the kind of environment where air-gapped networks are theoretical and legacy OT protocols coexist uneasily with modern cloud stacks. With approximately 12,000 employees, the organization is large enough to sustain dedicated cybersecurity functions but still demands that practitioners understand the operational realities of power generation, transmission, and distribution. This isn't abstract policy work; it's defending infrastructure where downtime has cascading physical consequences.
The utility has been recognized for its commitments to sustainability and corporate citizenship, but the operational challenge remains concrete: securing aging grid infrastructure alongside modernization efforts, managing supply chain risk across a sprawling service territory, and maintaining resilience against threats that evolve faster than regulatory frameworks. For security professionals, the draw is specificity - you're not protecting widgets, you're protecting the system that keeps the lights on across four states.