SECU is the second largest credit union in the United States, a member-owned not-for-profit cooperative founded in 1937 in North Carolina. With over $56 billion in assets and more than 2.9 million members, the institution operates 275 branches and 1,100 ATMs across the state, delivering savings accounts, checking accounts, loans, mortgages, credit cards, and investment products to state employees and their families. For a cybersecurity team, the attack surface is significant: millions of member accounts, a sprawling branch network, mobile and digital banking platforms, and a phone-based member services channel - all handling financial data at scale.
The threat model for a credit union of this size centers on credential stuffing and account takeover across 2.9 million member accounts, phishing campaigns targeting both members and branch staff, fraud through lending and mortgage workflows, and lateral movement risks across an infrastructure that spans physical branches, ATMs, online banking, and mobile applications. The cooperative structure means there's no external shareholder pressure for shortcuts - security investments serve the members directly - but it also means the mandate is defense of the entire financial lifecycle, from deposit to loan origination to card transactions.
SECU's operating philosophy of "People Helping People" extends to how the organization structures itself. The credit union has committed over $300 million to community development projects since 2004 and maintains a service model that relies on in-branch support alongside digital channels. For security engineers, this hybrid environment - physical and digital, high-touch and automated - presents concrete challenges in identity and access management, fraud detection, secure software delivery for banking platforms, and protecting the integrity of financial operations at institutional scale.