How Specialized Language in Cybersecurity Creates Barriers and Wastes Resources.
The language problem in security.
The heavy use of acronyms in cybersecurity is a common phenomenon that reflects how this industry communicates, but it raises the question of whether adding more complexity to an already complicated field is really necessary. This may be contributing to developers' discouragement. The cybersecurity sector is experiencing significant growth, with a 20% year-over-year increase, driven by the promise of greater productivity; yet developers often feel overwhelmed by the number of new acronyms they must learn before they can advance in their tasks.
One of the communication problems lies in naming security tools by their nature rather than by what they do. For example, "static application security testing" (SAST) may be incomprehensible to those unfamiliar with the term, even though what it actually does is analyze code for security flaws. Likewise, a plainer description of "dynamic application security testing" would make clear that its job is to find vulnerabilities in applications.
Frustration grows when acronyms are used even though the tools' functions could be described in more accessible terms. This communication barrier intensifies at higher levels of the hierarchy: security teams often struggle to secure funding because company decision-makers do not fully understand what these tools provide. The result is a difficult situation in which underinvestment coincides with a rise in cyberattacks.
Additionally, the continuous creation of new acronyms can look more like an attempt to generate profits than a real necessity, making it harder to distinguish essential tools from those that are merely a passing trend.
In 2024, it is crucial to adopt a more holistic approach to cybersecurity. Acting at different stages of development or in silos can dilute the effectiveness of security. An integrative approach is proposed, addressing four key areas:
- Source Code Security: This encompasses everything written in code, including infrastructure as code, focusing on creating secure code from the outset.
- Running Application Security: This involves protecting the application while it operates, identifying vulnerabilities through fuzzing tools and API testing.
- Cloud Environment Security: This includes the protection of the infrastructure on which everything operates.
- Supply Chain Security: This refers to the protection of dependencies, open-source components, and third-party elements.
Presenting these areas clearly and understandably makes developers' work easier by avoiding confusing acronyms, and it establishes more effective communication that respects both the time and the cognitive load of everyone involved. Clear communication not only improves the transmission of information but also allows cybersecurity to be viewed as an integral and well-funded part of the organization.