Cybersecurity Bingo

Meetings, especially in the cybersecurity realm, can sometimes feel like a stroll through a jargon jungle. There's a lot of "phishing" but not the kind that requires a fishing rod. There's talk of "firewalls," but nobody's trying to keep warm. To make our ventures through this linguistic labyrinth a tad more enjoyable, I've created a Cybersecurity Bingo Card. Loaded with popular terminologies—from the straightforward "DNS" to the all-too-relatable "Sorry, was on mute"—this card will help you decode the tech talk and bring a competitive edge to your meetings. Remember to play fair: no "proxy" players allowed, and don't just mark "threat" because someone side-eyed you for stealing the last donut. Dive in, have fun, and may the best jargon-juggler win!


Happy playing, and remember, it's all in good fun!

Square Definitions:

PhishingSpear phishing or regular works
Switch/RouterSwitch or router-type infrastructure. Hub would also be a valid entry
FirewallA vendor brand such as Palo-Alto, or Cisco works as long as it is within the context of a firewall
EscalateThe exact word needs to be used
Pen-testPen-testing or red-team can be considered valid entries
D/DoS"Distributed denial of service" or just "denial of service" are valid 
Tiger-teamCan be used singular or plural
MalwareMalware, Ransomware, or the type of actual name of the malware are valid to complete this square
BandwidthAs it refers to network traffic, or available time to work on something (not the circumference of musicians)
ActorUsed in the form of a threat actor, not the actor seen in a movie or TV show
Nation-stateMust be both words used (Nation-state) to complete the square. Using 'nation' on its own and then later using
'state' doesn't count
Al/Machine LearningAny variants of Artificial intelligence or machine learning are valid entries; this also includes terms such as supervised or unsupervised neural networks
Free SpaceIt doesn't need to be said, but if someone says it, then you know that you're on a roll with this group!
IntelIt is intended in the context of threat intelligence, not the computer chip maker. However, you could still complete the square and argue the process
Policy Policy, as it relates to business or rule policy, is fine. You may want to agree beforehand if anything from governance is allowed to complete this square, such as NIST, ISO, etc.
BlockedBlocking is also a valid entry and may be used with a high-scoring sentence such as 'I have blocked the threat actor'
ProxyThe idea of proxying network connections, not having someone fill out your bingo card by proxy
NetworkAs it relates to communication on the organization's TCP/IP network, whether intranet or internet-based. If used in the context of neural network then you should complete the Al/Machine Learning square
RuleTypically related to a threat signature or firewall that governs how future occurrences are remediated
ReconRecon or Reconnaissance is good to complete this square. 
TicketIdeally related to a bug tracking system, trouble ticketing system, or service ticketing system. If someone proclaims, 'that's the ticket!' then you probably deserve to complete the square just for being in the same room as that person
ThreatIdeally, it relates to network or software threats within the organization. It could also be used in the context of an insider threat, which hopefully isn't anyone in the room with you right now
DNSIt is a pretty straightforward reference to the internet domain name servers, and is likely used as part of a sentence, such as 'I did a DNS lookup on the was '
LogsNot of the tree kind, but of the kind typically aggregated from Windows, Linux, Active-Directory, Firewalls, or other such sources. The term 'Syslog' would be acceptable to complete this square
Sorry, I was on mute You'll likely hear something like this on any internet-based communication software, such as Zoom, Webex, GoToMeeting, etc. Hopefully, never followed by the phrase, "I'm not a cat."


Pete Slade
March 1, 2022