Security Glossary
A quick reference for cybersecurity terminology, acronyms, and concepts. Browse by category or search for specific terms.
55 terms
Business Email Compromise — a fraud scheme where attackers impersonate executives or vendors to trick employees into transferring money or data.
Blue Team — the defensive security team that monitors for and responds to threats. Counterpart to the red team.
Command and Control — the infrastructure attackers use to communicate with malware on compromised systems and issue instructions.
Certified Ethical Hacker — a certification covering hacking techniques. Considered entry-level in the offensive security world.
Continuous Integration/Continuous Deployment — the automated pipeline that builds, tests, and deploys software. Security checks are increasingly integrated here.
Certified Information Security Manager — a management-focused security certification for people who lead security programs rather than do hands-on technical work.
Certified Information Systems Security Professional — a highly respected security certification. Requires 5 years of work experience and a difficult exam. Senior-level credential.
CompTIA Cybersecurity Analyst — a mid-level certification focused on threat detection and analysis. Good for SOC analyst roles.
CompTIA Security+ — an entry-level security certification covering broad security concepts. Good for candidates entering the field.
Common Vulnerabilities and Exposures — a standardized identifier for publicly known security vulnerabilities. A CVE number means the vulnerability is documented and has a severity score.
Common Vulnerability Scoring System — a 0–10 scale rating the severity of a security vulnerability. 9–10 = Critical, 7–8.9 = High, etc.
Dynamic Application Security Testing — automated tools that test a running application for security issues by simulating real attacks.
Data Exfiltration — when an attacker steals data from the target environment and transfers it to a location they control.
Data Loss Prevention — tools that detect and prevent unauthorized transfer of sensitive data outside the organization.
Demilitarized Zone — a separate network segment that sits between the public internet and your internal network, typically hosting internet-facing services like web servers.
Endpoint Detection and Response — security software installed on computers and servers that detects threats in real time and allows security teams to investigate and respond remotely.
GIAC Certified Incident Handler — a hands-on certification for incident response. Highly regarded in the IR community.
Health Insurance Portability and Accountability Act — U.S. law requiring healthcare companies and their vendors to protect patient health information.
Infrastructure as Code — managing servers and cloud resources through code files (Terraform, CloudFormation) rather than manual configuration.
Identity and Access Management — the systems and processes that control who can access what in your company's IT environment.
Insecure Direct Object Reference — a web vulnerability where users can access resources they shouldn't by manipulating object identifiers in requests.
Intrusion Detection System / Intrusion Prevention System — tools that monitor network traffic for suspicious patterns and either alert (IDS) or block (IPS) threats.
Indicator of Compromise — evidence that a system has been breached: a malicious IP address, a file hash, a suspicious domain, etc.
ISO 27001 — an international standard for information security management. Companies get certified to show they have a formal, audited security program in place.
Lateral Movement — how attackers move from the initially compromised system to other systems in the network, expanding their access.
Managed Detection and Response — a service where an outside company monitors your security environment for you, 24/7.
Multi-Factor Authentication — requiring two or more forms of verification to log in (password + phone code, etc.). Strong control against credential theft.
MITRE ATT&CK — a publicly maintained knowledge base of real attacker techniques and tactics. Security teams use it to understand how attackers operate and to ensure their defenses cover known attack methods.
Next-Generation Firewall — a modern firewall that goes beyond basic packet filtering to inspect application traffic, block threats, and enforce user-based policies.
National Institute of Standards and Technology — a U.S. government agency that publishes widely used cybersecurity frameworks and guidelines.
NIST Cybersecurity Framework — a popular framework used to organize and improve a company's security program across five functions: Identify, Protect, Detect, Respond, Recover.
Offensive Security Certified Professional — a highly respected hands-on hacking certification that requires actually compromising machines in a 24-hour exam. More rigorous than CEH.
Open Web Application Security Project — a nonprofit that publishes free security resources including the OWASP Top 10, a list of the most critical web application security risks.
Payment Card Industry Data Security Standard — the rules companies must follow to securely process credit card payments.
Penetration Test — a simulated cyberattack authorized by the company to find vulnerabilities before real attackers do. Results in a report of findings and remediation recommendations.
Phishing — fraudulent emails designed to trick recipients into revealing credentials, clicking malicious links, or opening malicious attachments.
Privilege Escalation — when an attacker gains higher levels of access (like administrator rights) than they initially had on a compromised system.
Ransomware — malware that encrypts a victim's files and demands payment for the decryption key. Often combined with data theft to apply double pressure.
Role-Based Access Control — giving people access based on their job role rather than individually. Standard best practice.
Red Team — a group of security professionals who simulate real-world attackers to test the company's defenses. More advanced and ongoing than a standard penetration test.
Static Application Security Testing — automated tools that scan source code for security vulnerabilities without running the application.
Software Composition Analysis — tools that scan your code dependencies (open source libraries) for known vulnerabilities.
Security Information and Event Management — software that collects and analyzes security logs from across your company's systems, firing alerts when something suspicious is detected.
Security Orchestration, Automation and Response — platforms that automate repetitive security tasks and coordinate responses across tools.
Security Operations Center — the team (and sometimes the physical room) dedicated to monitoring for and responding to security threats around the clock.
SOC 2 — a widely used security audit framework. A SOC 2 Type II report proves to customers that your company has strong security controls that have been independently verified over time.
SQL Injection — a web vulnerability where attackers manipulate database queries by injecting malicious input, potentially accessing or modifying data.
Threat Modeling — a structured process of identifying potential threats to a system and designing defenses against them, typically done during software design.
Tactics, Techniques, and Procedures — describes how a threat actor operates: their goals (tactics), the methods they use (techniques), and their specific tooling or behavior patterns (procedures).
User and Entity Behavior Analytics — security tools that detect unusual user behavior patterns that might indicate a compromised account or insider threat.
Virtual Private Network — an encrypted tunnel that lets remote employees securely access company systems as if they were in the office.
Web Application Firewall — a security layer in front of a web application that filters malicious traffic and blocks common attacks like SQL injection and XSS.
Extended Detection and Response — next-generation security monitoring that combines endpoint, network, and cloud data into a single view.
Cross-Site Scripting — a web vulnerability where attackers inject malicious scripts into web pages viewed by other users.
Zero Trust — a security model where no user or device is automatically trusted, even inside the company network. Every access request is verified.