Industry Glossary

A reference of common terminology

First published May 8, 2026

Compiled by Goat Security research staff. Updated periodically.

The following definitions reflect operational usage rather than vendor marketing. Entries are listed alphabetically. Additional terms are added as they enter common circulation.


Agentic AI. Software that takes actions without direct human authorization, sold as a feature. The user-approval mechanism is typically present at deployment and atrophied within eighteen months.

Best-of-breed. A self-description used exclusively by vendors. No customer has ever applied this term to a product they did not sell.

Bring your own. A model in which the customer retains responsibility for the component the vendor declined to provide. Often abbreviated BYO and applied to keys, devices, and licenses.

Customer success. A department whose function is to prevent customers from leaving. Distinct from customer support, which addresses problems the customer has already encountered.

Defense in depth. A security architecture composed of multiple layers, each procured from a different vendor, each requiring its own certification track for the operations team.

Digital transformation. A program of organizational change framed in technological language. Usually involves a consultancy, a multi-year roadmap, and a successor program three years later.

Frictionless. A description of a workflow that has reduced friction in one place by adding it elsewhere. The location of the displaced friction is rarely specified.

Genuine intelligence. A retronym introduced after the marketing of artificial intelligence rendered the unmodified term ambiguous. Not yet in common use.

Governance. A category of software product whose purpose is to provide reports to auditors. Distinct from operations, which addresses the conditions the reports describe.

Hybrid cloud. A deployment model in which workloads run partly in cloud environments and partly on infrastructure the organization is not yet able to decommission.

Industry leader. A company that has commissioned an analyst report saying so.

Intent-based. A design philosophy in which the user describes the desired outcome and the system determines how to produce it. The gap between described and produced outcomes is the basis of an ongoing services relationship.

Level 3 automation. A framing borrowed from autonomous vehicles, applied to systems that are not vehicles. Implies the existence of Levels 1, 2, 4, and 5, none of which require independent justification.

Modernization. The replacement of one set of systems with a comparable set of systems built more recently. The functional capabilities of the resulting systems are typically a subset of the originals.

Next-generation. Used to distinguish a vendor’s current product from the same vendor’s previous product. Tends to coincide with a price increase.

Observability. The collection, indexing, and storage of system telemetry, sold separately from the systems being observed. Pricing is per-gigabyte and grows with the systems’ health.

Platform. A product the vendor wishes to sell as a category. The transition from product to platform is announced rather than achieved.

Post-mortem blameless. An incident review process in which individual contributors are not named, and in which the named system is the one most recently deployed.

Pre-revenue. A stage of company development in which expenses exist and revenue does not. Often presented as deliberate.

Roadmap. A document indicating features the vendor intends to ship. The relationship between the document and shipped features is described as “directional.”

Security posture. A composite measurement of an organization’s defensive capabilities, calculated by the vendor selling the assessment.

Shift left. A practice of moving responsibilities earlier in the development process. The headcount associated with the original responsibility is rarely shifted with it.

Single pane of glass. A console that aggregates dashboards from other consoles. Commonly itself one of several.

Solution. A bundling of products presented as addressing a customer problem. The problem is typically defined by the bundling.

Strategic partnership. A commercial relationship between two vendors, announced publicly, in which neither party assumes operational responsibility for the other’s product.

Synergy. A justification for an acquisition. Operationalized post-close as a redundancy program.

Thought leadership. Content marketing produced by personnel whose job titles include the word “officer.” Distinguishable from analysis by the absence of disconfirming evidence.

Upskilling. Training existing staff in a skill the organization plans to require shortly. Sometimes precedes layoffs.

Velocity. A measurement of team output, taken at a granularity sufficient to be reported but insufficient to be acted upon.

Vendor lock-in. A condition produced by the previous procurement decision. Avoided in principle by the next one.

Zero trust. An architecture in which no component is implicitly trusted. Implementation requires the implicit trust of the vendor providing the architecture.


Additional terms will be added as they enter common circulation. Suggestions may be sent to the contact address listed in the Resources section.
