empowsec Security Glossary: Plain-Language Terms for Teams

Sarah Mitchell··9 min read
An online security terms glossary

One of the quieter barriers to effective security awareness is language. When employees encounter terms like 'DMARC', 'lookalike domain', 'vishing', or 'credential stuffing' in training materials, they may nod along without fully understanding what the words mean. A training module can introduce a concept, but employees who want to refresh their memory between formal training sessions often have no easy place to turn. Search engines surface technical documentation written for security professionals, not for a Finance manager trying to remember the difference between phishing and spear-phishing before a team meeting. empowsec addresses this with a free, searchable security glossary that defines common security and phishing terms in plain language, available in both English and German.

This article explains what the glossary covers, how it is structured, why multilingual support matters for international teams, and how it fits into a broader security awareness program as a reinforcement resource.

What the Glossary Covers

The empowsec security glossary focuses on the vocabulary that appears most often in security awareness training and phishing simulation contexts. This includes the terminology employees are most likely to encounter in training modules, in phishing debrief emails after simulations, in reported phishing incidents, and in general security communications from their IT or security team.

The glossary defines terms in plain language - meaning explanations written the way you would explain a concept to a colleague who works outside of IT, not the way a technical specification would define it. A definition of 'social engineering' in a glossary for general employees should explain what an attacker is actually trying to do and why it works, not recite a formal taxonomy. A definition of 'two-factor authentication' should explain what it protects against and what it feels like to use, not just state that it is 'a second form of identity verification'.

This plain-language priority makes the glossary genuinely useful for the people it is intended to serve: employees at all levels of technical sophistication who need a reliable, accessible reference. Security terms can sound intimidating even when the concepts behind them are straightforward. A good glossary demystifies the jargon and makes the training content it supports easier to understand and remember.

empowsec.com / glossary
Security Glossary
Search security and phishing terms in plain language.
P
Phishing
A fraudulent message designed to trick the recipient into revealing credentials or clicking a malicious link.
Email Security
S
Spear-phishing
A targeted phishing attack personalised to a specific individual or organisation to increase credibility.
Phishing
D
DMARC
A DNS policy that tells receiving mail servers what to do when email fails SPF or DKIM authentication checks.
Email Security
L
Lookalike domain
A domain registered to look like a trusted brand - e.g. paypa1.com instead of paypal.com - to deceive recipients.
Phishing
The empowsec glossary presents terms with a short plain-language definition and a category pill, making it easy to browse or search by topic area.

Search and Navigation

A glossary that requires readers to scroll through hundreds of terms alphabetically is less useful than one they can search directly. The empowsec security glossary is fully searchable, which means an employee who needs a quick definition can type the term they are looking for and get directly to the answer. This is the right design for the most common use case: someone is reading a training module, encounters an unfamiliar term, opens the glossary in another tab, searches for it, reads the definition, and returns to their training. The whole interaction should take thirty seconds.

The search experience also accommodates people who are not sure of the exact term. If you half-remember 'credential something' or 'that thing where they call you instead of emailing', a good search function surfaces the relevant result even without an exact match. This forgiveness in the search interface matters because security vocabulary is still unfamiliar to many employees, and requiring an exact term match would make the glossary less useful for the people who most need it.

Terms are also organized by category, so someone who wants to browse all phishing-related terms or all email authentication terms can do so without knowing in advance exactly which terms they are looking for. This browse mode is useful for onboarding, where a new employee might want to get an overview of the terminology before starting their first training module, or for security champions who want to ensure they are comfortable with the full vocabulary in a particular area.

Multilingual Support: English and German

The empowsec security glossary is available in both English and German. This reflects the same multilingual commitment that runs through the rest of the empowsec platform: phishing simulation templates support multiple languages, training modules support per-user language delivery, and the interface itself is available in multiple languages. The glossary extends this commitment to a resource that exists outside the formal training flow.

For organizations with employees who work primarily in German, an English-only glossary is a friction point. If the rest of your security awareness training is delivered in German and the glossary that is supposed to support that training is only available in English, the glossary fails its purpose for a significant portion of your audience. The German-language glossary ensures that employees working in German have the same accessible, plain-language reference that English-speaking employees have.

Multilingual glossary support also reinforces the broader principle that security awareness training should meet employees where they are, not ask them to reach for it. An employee who is less comfortable in a second language is already at a slight disadvantage when processing complex concepts. Removing the additional barrier of having to parse a definition in their non-primary language means the glossary is useful for more people, more consistently.

empowsec.com / de / glossar
Security Glossary (DE)
German-language glossary - same structure, translated content.
LanguageDeutsch
Alternate languageEnglish
hreflangde
P
Phishing
German definition - displayed to users whose browser language is set to German.
Email Security
V
Vishing
German definition - voice phishing over a phone call rather than email.
Social Engineering
The German-language version of the glossary uses the same structure and search experience as the English version, with hreflang links connecting the two language variants for SEO.

SEO Optimization and hreflang

The empowsec security glossary is SEO-optimized, which means it is designed to rank in search results when someone outside the empowsec platform searches for a security term. This matters for two reasons. First, it means the glossary is useful not just for empowsec customers but for anyone who finds it through a search engine. A Marketing manager at a company that does not yet use empowsec can find a plain-language definition of 'business email compromise' through an organic search result just as easily as a current empowsec user can find it through the platform. The glossary functions as a public resource.

Second, SEO optimization and hreflang tags (which link the English and German language variants of each glossary page) mean that the glossary performs well in both English and German search results. When someone in Germany searches for the German equivalent of a security term, the German-language version of the glossary is surfaced. The hreflang implementation ensures that search engines understand the relationship between the two language versions and serve the right one to the right audience, rather than treating them as duplicate content.

For empowsec as a platform, a well-ranking glossary also demonstrates domain expertise in security awareness, which builds credibility with the IT managers, CISOs, and compliance teams who evaluate security awareness training tools. A company that publishes clear, authoritative explanations of security concepts is more likely to be trusted with the security education of an organization's employees.

Using the Glossary as a Reinforcement Resource

The most effective security awareness programs do not rely on a once-a-year training module to do all the work. They create an environment of continuous reinforcement where security concepts are visible, accessible, and regularly recalled. A searchable, multilingual glossary fits naturally into this continuous reinforcement model. It is the reference employees reach for when something in their environment prompts a question - a phishing debrief that mentions a new tactic, a news headline about a breach, a colleague asking what DMARC means.

For onboarding in particular, the glossary is a valuable complement to formal training assignments. A new employee starting their first empowsec training module has likely never encountered many of the security terms they are about to see. Directing them to the glossary as a reference before or alongside their training reduces the cognitive load of learning unfamiliar terminology and concepts at the same time. It also sets an expectation from day one that security is a subject with a vocabulary worth knowing, not just a compliance box to tick.

For security champions and IT teams, the glossary serves a different purpose: it is a shared, consistent reference that can be linked in internal communications. When a security team member sends an email about a new threat, linking to the glossary definition of the relevant term gives recipients an easy way to understand the context without the security team needing to explain it from scratch every time. Shared language reduces misunderstanding and makes security communications more effective across the organization.

Tip
Share the empowsec glossary link with new employees during onboarding alongside their first training assignment. A quick note explaining that it defines any unfamiliar terms they encounter removes a common friction point and helps them engage more confidently with the training content.

What This Means for Your Team

  • Free and publicly accessible - the empowsec security glossary requires no login and is available to anyone, making it a useful resource for employees, managers, and security teams alike.
  • Plain-language definitions are written for a general employee audience, not for security professionals - removing the jargon barrier that makes security concepts feel inaccessible.
  • Fully searchable design means employees can find the term they need in seconds, making the glossary a practical reference rather than a document people have to scroll through.
  • English and German language support ensures employees working in either language have the same quality of accessible reference, consistent with the multilingual design of the wider empowsec platform.
  • SEO-optimized with hreflang tags means the glossary performs well in search results for both language versions, extending its value beyond empowsec customers to anyone searching for plain-language security definitions.
  • A reinforcement resource for onboarding and ongoing awareness - link it alongside training assignments, in phishing debrief emails, and in security communications to build a culture where looking up an unfamiliar term is easy and encouraged.
Share: