Alphabet Soup

AD

Active Directory

APT

Advanced Persistent Threat

An attacker targeting a specific organization or person with customized, sophisticated techniques

AV

Antivirus [software]

AWS

Amazon Web Services

BYOD

Bring Your Own Device

CIA

Confidentiality, Integrity, and Availability

The three core principles of information security. The "triad".

CVSS

Common Vulnerability Scoring System

A system for rating new vulnerabilities from 0 (low risk) to 10 (high risk).

DDoS

Distributed Denial of Service

DLP

Data Loss Prevention

DMZ

Demilitarized Zone

GCP

Google Cloud Platform

GRC

Governance, Regulation, and Compliance

IAM

Identity and Access Management

IDS / IPS

Intrusion Detection System / Intrusion Protection System

IT

Information Technology

K8S

Kubernetes

MDR

Managed Detection and Response

MFA

Multi-Factor Authentication

Sometimes called "2FA"

NICE

National Initiative for Cybersecurity Education

NIST

National Institute of Standards and Technology

US Govt organization that has a large (free!) cybersecurity framework

OPSEC

Operational Security

OSINT

Open Source Intelligence

Collecting information using open sources (search engines, public records)

PCI-DSS

Payment Card Industry Data Security Standard

The rules credit card companies want payment collectors to adhere to. Sometimes shorted to "PCI", as in "PCI compliant"

PKI

Public Key Infrastructure

POC

Proof of Concept

Proving an exploit is possible against a target, usually with documentation, screenshots or videos.

S3

Amazon S3

Refers to Amazon's cloud storage service.

SE

Social Engineering

Phishing, vishing, etc.

SIEM

Security Information and Event Management

SOAR

SOC

Security Operations Center

SSO

Single Sign-On

TLS

Transport Layer Security

VPN

Virtual Private Network

XDR

Extended detection and response

The more sophisticated version of MDR