
The media loves to hype up cybersecurity, and they often confuse the terms. Here's a simple way to explain and understand what those cyber security terms really mean.

A group of hackers and cyber security professionals were annoyed by the media’s misuse of terms, and this Twitter thread by Casey Ellis rolled out.

Imagine cyber security as a bar fight…

threat actor = someone who wants to punch you in the face

threat = the punch being thrown

vulnerability = your inability to defend against the punch

risk = the likelihood of getting punched in the face

acceptable risk = your willingness to be punched in the face

compliance = how you think this all works until you’ve been punched in the face

attack surface = the size and shape of your face

threat intelligence = the collection of photos of ppl who aren’t allowed into the pub because of the time they punched someone in the face

risk posture = whether you know that talking shit in a pub is likely to get you punched in the face or not

exploit = the fist

asymmetric threat = studying this entire thread then getting kicked in the crotch

cyberrisk insurance = your mates at the pub betting on if you can “talk that kinda shit” and not get punched in the face

DEFCON presentation = all of your friends getting drunk in Las Vegas watching video of you being punched in the face

Patch Tuesday = your weekly gym visit

Air gap = avoiding the pub by staying at home (or) air gap = standing more than an arm’s length from a threat actor

Side channel = your wallet being nicked whilst you are being punched in the face

The rest of the thread is really useful for seeing how different people debate or refine these concepts. It’s well worth a read.

What about our cyber security services?

Security for schools and small to medium businesses is one of the main things we do at the Flywheel companies. Call or email us to have your systems reviewed now.
