SouthState Bank

Truist Financial Corporation operates as a top-10 U.S. commercial bank with $544 billion in assets, serving approximately 15 million clients across a 17-state footprint plus Washington, D.C. The institution maintains 1,900+ branches nationwide while simultaneously developing digital banking solutions - a dual infrastructure that creates a complex attack surface requiring defense across both legacy branch systems and modern cloud-native platforms. For security practitioners, this represents the full spectrum of financial services threat modeling: protecting physical locations, securing distributed client data, hardening mobile and web applications, and defending against the nation-state and criminal actors that consistently target institutions of this scale. The bank's technical domains span branch banking operations, digital banking platforms, and client services infrastructure - each with distinct security requirements. Branch operations demand point-of-sale security, physical access controls, and secure cash handling systems. Digital solutions require application security, API protection, and continuous authentication mechanisms. The sheer client volume - 15 million individuals and businesses - means any vulnerability carries significant blast radius, and regulatory scrutiny from federal banking oversight bodies is constant and rigorous. Truist's purpose-driven banking mission emphasizes community investment and client well-being, which translates operationally to high availability requirements and zero tolerance for service disruption. Security teams here aren't just protecting data; they're protecting community trust and financial stability across nearly a fifth of U.S. states. The company culture emphasizes collaboration, accountability, and professional development resources, including comprehensive benefits and ongoing learning opportunities - infrastructure that matters when building security teams capable of defending against sophisticated threats while managing compliance across multiple regulatory frameworks.

Founded in 1966, Bankdata has grown into one of Denmark's largest financial IT development companies, owned by nine Danish banks that are also its customers. The company builds, monitors, and improves critical digital products that empower businesses and everyday people to make confident financial decisions. Bankdata's solutions are a quiet but essential part of everyday life in Denmark, relied upon by every third Dane, 200,000 companies, and thousands of bank employees who log into their platform a million times daily, processing 86 million transactions through their core systems. Headquartered in Fredericia with development centers in Silkeborg, Aarhus, and India, Bankdata employs approximately 1,100 people who develop complete IT solutions for the banking sector. Their robust, secure systems are engineered to withstand relentless cyber threats while making complex financial decisions easy for users. As a cooperative organization, Bankdata achieves results through teamwork and deep understanding of both technical infrastructure and banking needs, building systems that literally keep Denmark running.

Traditional banking has left customers trapped in outdated systems with hidden fees, slow processes, and impersonal experiences. Mox Bank exists to fundamentally transform how people in Hong Kong interact with their money, leveraging digital innovation to eliminate friction and empower users with complete financial control. By combining Standard Chartered's 160+ years of banking expertise with cutting-edge technology and strategic partnerships with HKT, PCCW, and Trip.com, Mox delivers a mobile-first banking experience that puts customers first. Mox doesn't just offer a bank account - it provides a comprehensive financial ecosystem that grows with users' ambitions. From daily interest credited directly to accounts and unlimited 2% cash back on all spending, to fractional stock trading through Mox Invest and instant access to credit, every feature is designed to remove barriers to financial growth. The bank serves over 650,000 customers who have embraced this new paradigm, proving that transparent, customer-centric digital banking can deliver real value and change lives. Mox represents the future of finance where technology meets human needs, making sophisticated financial tools accessible to everyone.

Regions Bank operates one of the nation's largest full-service banking platforms, serving customers across the South, Midwest, and Texas since 1971. As an S&P 500 financial institution, the bank maintains consumer and commercial banking operations, wealth management services, and mortgage lending - infrastructure that processes high-volume transactions across geographically distributed branches and digital channels. The threat surface spans legacy banking systems, cloud workloads, customer-facing mobile applications, and commercial client integrations, all subject to strict regulatory oversight and continuous attack from credential stuffing to wire fraud attempts. The security architecture runs primarily on AWS, with production workloads protected by AWS WAF, AWS Shield, and Firewall Manager configurations managing ingress filtering across EC2, S3, VPC, RDS, and Lambda deployments. Perimeter defense layers through Palo Alto firewalls and Zscaler's ZPA and ZIA products, routing traffic through zero-trust enforcement points. Infrastructure-as-code deployments use Terraform and CloudFormation, with monitoring centralized through CloudWatch and event routing via SQS and SNS. Development teams work in Python, Go, Java, and Node.js with Git-based CI/CD pipelines pushing to production environments that include both AWS and Azure components. Security teams face the operational reality of protecting financial services infrastructure: third-party payment processors, ACH networks, card systems, and the persistent risk of business email compromise targeting commercial accounts. IAM policies govern access to customer data repositories, while compliance frameworks dictate logging, retention, and incident response protocols. The scale - over 50 years of accumulated systems, regulatory requirements from multiple jurisdictions, and the expectation of 24/7 availability - means security work here involves hardening cloud-native services while managing risk in systems that predate modern tooling.

Starling Bank is Britain's first digital bank, founded in 2014 by Anne Boden with a mission to fix the broken banking system. The company operates as a fully licensed, mobile-only bank with no branches, serving over four million customers across personal, business, joint, and youth accounts. Headquartered in London with offices in Cardiff, Southampton, and Manchester, Starling has grown to employ thousands of people who are committed to delivering fast technology, fair service, and honest values. The bank holds Which? Recommended Provider status and has been named Britain's Best Banking Brand for seven consecutive years. Beyond direct banking services, Starling provides its proprietary technology platform to other financial institutions through Engine by Starling, a software-as-a-service subsidiary. The bank is distinguished by its commitment to responsible banking, transparent pricing with no hidden fees, and industry-leading security features. As a woman-founded company, Starling actively promotes gender equality with 43% of senior managers being women and participation in the Women in Finance Charter. The bank's values extend to environmental responsibility through sustainable banking practices, carbon reduction initiatives, and partnerships focused on climate action.

Shawbrook Bank runs a regulated lending and deposit operation across the UK with over 540,000 customers and £16 billion in deposits - real estate finance, SME credit facilities, consumer loans, and retail savings products moving through digital channels backed by over 1,000 employees. Founded in 2011, the bank operates multiple brands including The Mortgage Lender, Bluestone Mortgages, and JBR Capital, each serving distinct lending segments with different risk and compliance surfaces. The threat model here is classic financial services: customer data exposure, transactional fraud, regulatory breach, and third-party supply chain risk across a distributed technology stack. The bank's technical environment includes Azure cloud infrastructure, Python and PowerShell for automation and tooling, Power BI for analytics, and SAS for risk modeling - a mixed estate that requires defense across cloud-native services, legacy integrations, and data pipelines handling sensitive financial information. Digital lending platforms process loan applications end-to-end, creating attack vectors from application layer down through identity management, API security, and backend processing systems. With FSCS-protected deposits up to £85,000 per customer and over 300,000 savers, operational resilience and data protection aren't theoretical - they're prudential requirements with direct regulatory scrutiny. Security work here spans traditional banking controls - PCI DSS, FCA compliance, operational resilience frameworks - and the engineering problems of securing cloud-native development alongside established banking systems. The scale is regional but the regulatory expectations are unforgiving, and the multi-brand structure means consistent security posture across different customer-facing applications and backend systems. No unicorn equity story, just a mid-sized regulated institution where security engineering directly enables business capability under constant regulatory review.