The Integrator’s Glossary: Cybersecurity Jargon Simplified
By Micah Stroope, IT Systems Admin, Intraworks, PSA Cybersecurity Committee Member
As integrators, we live in a world of specialization. Whether it’s a particular business vertical or technology, everyone finds their niche. One thing is becoming clear though, in a world of AI analytics and cloud connected systems, cybersecurity is a core concern for customers and vendor partners alike. This shift requires a broader understanding of cybersecurity and IT terminology which is rife with acronyms and technical terms that can leave teams confused and projects at risk. While it is unrealistic and unnecessary for non-IT professionals to understand all the vernacular, this guide serves as an introduction to some terms you have likely already heard.
ZTA (Zero Trust Architecture)
“We have to distrust each other. It’s our only defense against betrayal.” – Tennessee Williams
Zero trust architecture is an IT framework wherein no users or devices are trusted by default. ZTA is implemented using the principles of identity verification, compliance and least privilege access. ZTA incorporates many other fundamental cybersecurity practices such as MFA (multi-factor authentication), ACLs (access control lists) and conditional access rules to achieve this goal.
Phishing
“A fishing rod is a stick with a hook at one end and a fool at the other.” – Samuel Johnson
Phishing attacks are malicious emails intended to steal credentials, sensitive information or infect the target’s computer with malware. Traditional phishing works by sending large volumes of emails, often impersonating a legitimate person or organization, with malicious links or attachments.
Vishing (Voice-Phishing)
Vishing, like phishing, is intended to steal credentials or other sensitive information but is performed via phone call. Callers often impersonate employees or agents of legitimate entities and try to create a sense of urgency with the call’s target in an attempt to make them more vulnerable.
Smishing (SMS-Phishing)
Smishing is a form of phishing with SMS text as the attack vector. These attacks, like the others, use impersonation, creating a false sense of urgency, and malicious hyperlinks and files to extract sensitive information. You may be familiar with this type of phishing if you’ve been targeted by the “Past Due Toll” smishing attack which has impacted millions of mobile phone users over the past two years.
Spear-Phishing (Highly Targeted Phishing)
Unlike traditional phishing attacks, spear-phishing attacks are targeted and display higher levels of understanding of the target. Spear-phishing attacks may address the target or target’s organization by name or reference activities that the target’s working department engages in. They may also appear to originate from legitimate sources including contacts that the target has done business with. Spear-phishing can also be considered Whaling when it targets C-Suite executives.
MITRE ATT&CK®
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” – The Art of War, Sun Tzu
MITRE is a not-for-profit think tank in the aviation, defense, and cybersecurity fields. Their ATT&CK® (Adversarial Tactics, Techniques, and Common Knowledge) classification structure is widely regarded as the gold standard in threat detection. MITRE’s ATT&CK® free online knowledgebase catalogues tactics used by threat actors, allowing cybersecurity teams to detect threats earlier and respond proactively.
IDS / IPS
“An ounce of prevention is worth a pound of cure.” – Benjamin Franklin
Intrusion detection systems (IDS) sit at the edge of a network, usually between the company’s network and firewall, they analyze traffic to identify harmful activities. Intrusion prevention systems do everything an IDS does but can also remediate threats in real time.
IoT
“The chain is only as strong as its weakest link…” – Thomas Reid, Essays on the Intellectual Powers of Man
The internet of things refers to connected sensing devices of all types. These devices control temperature, lighting, smoke detectors, sprinklers systems, and thousands of other system types. If it runs on electricity and is within WiFi or cellular range during normal use, there’s probably an IoT device that can control it. While the advent of IoT has sparked a revolution in accessibility, ease-of-use, and automation, it has simultaneously introduced a flood of vulnerabilities from the cybersecurity perspective. Each IoT device, even those operating on a local area network, presents a vulnerability that must be accounted for. Due to the proprietary nature of much of the cloud software used to interact with IoT devices, centralized management and control using existing cybersecurity measures can be rendered difficult if not impossible.
LDAP
Lightweight Directory Access Protocol is a method used by software applications to quickly query user data stored in a centralized location such as Active Directory. A common implementation in the systems integration field would be to import users from Active Directory to an access control system. When an IT department deactivates or modifies a user in Active Directory, those changes are then synchronized to the access control system, deactivating or modifying that user without the need to interact with that system’s interface at all. It is important to note that LDAP is vendor-neutral and works with other network resource management systems, though Active Directory is the most common in business, currently being used by over 95% of fortune 1,000 companies.
Whether you’re meeting with a client or conversing with an IT-professional, it’s likely you’ll encounter some jargon in your day-to-day. The month of October is spooky enough without having to consult your in-house IT person about the meaning of a term or acronym. To help raise more awareness around confusing terms and other cybersecurity best practices, the PSA Cybersecurity Committee invites members to join PSA’s webinar this month to help raise awareness around cybersecurity. Use this guide as an introduction to some commonly used jargon and share it within your organization to increase institutional knowledge and demystify conversations around cybersecurity.
Micah Stroope is a member of PSA’s Cybersecurity Committee. This article was written to raise awareness about cybersecurity risks for Cybersecurity Awareness Month 2025. To learn more about about cybersecurity best practices, register for PSA’s virtual Lunch & Learn on Oct. 22, 2025, at 11 AM MT.
To learn more about PSA Committees and how to join, click here.