Why this hub exists

Security touches nearly every part of a modern engineering organisation, and the English required splits into genuinely distinct professional registers — a SOC analyst's vocabulary is not an architect's vocabulary, and neither overlaps much with the legal language of a compliance audit. Coders Lingo covers this breadth with eleven focused exercise categories rather than one unfocused mega-category — this page is the map that ties them together and explains what makes each one different, so you can find the right vocabulary for your role instead of guessing between similarly named sections.

The security English landscape, in plain terms

Broadly, the eleven categories below split into four groups. Foundations and design (Cybersecurity Practitioner English, Security Architecture Language, Cryptography & PKI Language, Identity & Access Management) covers the vocabulary of understanding threats and designing systems to resist them. Building and operating securely (DevSecOps Pipeline Language, SOC & Security Operations) covers the vocabulary of automated security gates in CI/CD and human-led monitoring of live systems. Testing and disclosure (Penetration Testing Communication, Security Disclosure Language, Software Supply Chain Security) covers the vocabulary of actively finding, reporting, and coordinating fixes for vulnerabilities — including ones introduced by third-party dependencies. Finally, governance (Compliance & Regulatory Language, plus the cross-cutting Security Exercise Lab) covers the audit and regulatory vocabulary, and a mixed practice set that reinforces terms from across the whole cluster.

These categories are not duplicates of each other, even where the icons and topics look similar at a glance. Each card below states in one line exactly what makes that category distinct, so you can jump directly to the vocabulary you actually need rather than working through overlapping material.

The 11 security vocabulary categories

Frequently asked questions

Why are there so many separate security vocabulary categories on Coders Lingo?

Security English has split into distinct professional registers depending on the job: a SOC analyst triaging alerts uses different vocabulary from a security architect designing trust boundaries, and both differ from an auditor discussing SOC 2 controls. Rather than force this into one oversized category, Coders Lingo splits it into eleven focused categories so each stays specific and practical. This hub is the map that ties them together.

Which security category should I start with?

If you are new to security vocabulary generally, start with Cybersecurity Practitioner English — it covers foundational terms like threat modeling, CVEs, and zero trust that the more specialised categories build on. From there, branch by role: architects should go to Security Architecture Language, defenders monitoring live systems should go to SOC & Security Operations, and anyone integrating security into CI/CD should go to DevSecOps Pipeline Language.

What is the difference between "Pentest Communication" and "Security Disclosure Language"?

Pentest Communication covers the vocabulary of an active, scoped testing engagement — Rules of Engagement, CVSS scoring, and the pentest report itself. Security Disclosure Language covers what happens once a vulnerability is found and needs to be reported and coordinated — CVE advisories, bug bounty reports, and vendor communication. A pentester writing up findings will use both.

How is "Identity & Access Management" different from "Cryptography & PKI"?

Cryptography & PKI Language covers the underlying cryptographic building blocks — TLS handshakes, certificates, JWT claims, and OAuth grant types at the protocol level. Identity & Access Management is the layer built on top of those primitives: OAuth flows, OIDC, SAML, RBAC, and passwordless authentication as experienced by a user or an application. IAM uses cryptographic terms but focuses on the authentication and authorisation outcome, not the underlying math.

Isn't "Compliance & Regulatory Language" the same topic as "Security Architecture Language"?

No. Security Architecture Language is technical — STRIDE threat modeling, attack trees, and defence in depth are about how a system is designed to resist attack. Compliance & Regulatory Language is legal and procedural — GDPR, SOC 2, ISO 27001, and PCI DSS vocabulary is about proving to an external auditor that controls exist and are followed. An engineer can design a secure system and still fail a compliance audit over documentation, so both vocabularies are needed.

What does the Security Exercise Lab add that the other ten categories don't already cover?

The Security Exercise Lab is a cross-cutting practice set rather than a new topic — it mixes OWASP Top 10, CVSS scoring, STRIDE, pentest language, incident communication, and secure code review into one set of exercises. Use the other ten categories to build vocabulary in each specific discipline, then use the lab to test recall across the whole security cluster at once.

How many total exercises are covered across the security vocabulary cluster?

The eleven categories in this hub cover 255 exercises in total, ranging from foundational cybersecurity vocabulary to advanced, role-specific terminology for architects, SOC analysts, pentesters, and compliance teams. Each category is self-contained, so you can start with whichever matches your current role.
