English for Cybersecurity Specialists: security and pen testing vocabulary in English
You detected an attack on the infrastructure at midnight and have 5 minutes to write an incident report for a foreign CISO. This article gives you the vocabulary for incident response, vulnerability disclosure and the post-pen-test debrief: precise English under time pressure.
You detected an attack at midnight and have 5 minutes to write an incident report for a foreign CISO
Middle of the night. The SIEM fires an alert: anomalous outbound traffic from a host on the internal network. The first IOCs point to a potential data exfiltration attempt. Within minutes you have to write an incident report for the CISO in London, coordinate containment with the SOC in Warsaw and, at the same time, preserve chain of custody for possible forensics.
This is not a certification exam scenario. It is Wednesday at 00:13 in every company with a global security team.
Who this article is for: Security Analysts, Penetration Testers (pentesters), SOC Analysts, Security Engineers, Incident Responders and CISOs; everyone who works in English-speaking security environments and needs precise language for reporting incidents, describing vulnerabilities and running pen tests.
Threats and attacks: 8 terms
| EN term | Meaning (translated from the Polish gloss) | Example at work |
|---|---|---|
| vulnerability | weakness / security hole | "We identified a critical SQL injection vulnerability in the customer-facing API." |
| exploit | exploit (code that takes advantage of a vulnerability) | "A working exploit for this CVE has been published — patch immediately." |
| threat actor | threat entity / attacker | "The threat actor appears to be a financially motivated group based on the TTPs observed." |
| attack vector | attack vector | "The attack vector was a phishing email targeting finance department employees." |
| phishing | phishing | "We ran a simulated phishing campaign — 12% of employees clicked the link." |
| ransomware | ransomware | "The ransomware encrypted all files on the affected hosts before containment was complete." |
| DDoS (Distributed Denial of Service) | distributed denial-of-service attack | "We're under a DDoS attack — traffic is at 40 Gbps, well above our mitigation threshold." |
| zero-day | zero-day (previously unknown vulnerability) | "This is a zero-day — no patch is available yet. We need to apply compensating controls immediately." |
Defense and monitoring: 8 terms
| EN term | Meaning (translated from the Polish gloss) | Example at work |
|---|---|---|
| firewall | network firewall | "The firewall rules need to be updated to block outbound traffic on port 4444." |
| IDS (Intrusion Detection System) | intrusion detection system | "The IDS flagged the lateral movement attempt at 00:47 UTC." |
| IPS (Intrusion Prevention System) | intrusion prevention system | "The IPS automatically blocked the connection attempt and generated an alert." |
| SIEM | security event management system | "Pull the logs from the SIEM for the past 72 hours — we need to establish the full timeline." |
| EDR (Endpoint Detection and Response) | protection and response at the endpoint level | "EDR telemetry shows the malicious process was spawned from a macro-enabled Office document." |
| SOC (Security Operations Center) | security operations center | "The SOC is monitoring the situation 24/7 and will escalate if the activity resumes." |
| patch | patch / security update | "The patch for CVE-2025-1234 must be applied to all production servers within 24 hours." |
| hardening | hardening / tightening the configuration | "System hardening reduced our attack surface by disabling 14 unnecessary services." |
Pen testing and security assessment: 6 terms
| EN term | Meaning (translated from the Polish gloss) | Example at work |
|---|---|---|
| penetration test | penetration test | "The penetration test scope covers the external perimeter and the internal network segment." |
| reconnaissance | reconnaissance (pen test phase) | "During reconnaissance we identified 3 externally exposed admin panels that shouldn't be public." |
| privilege escalation | privilege escalation | "We achieved privilege escalation from a standard user account to local administrator in under 20 minutes." |
| lateral movement | lateral movement | "Once inside the network, the attacker used lateral movement to reach the domain controller." |
| payload | payload (the malicious content that is delivered) | "The payload was delivered via a malicious PDF attachment in the spear-phishing email." |
| proof of concept (PoC) | proof of concept (confirmation that the vulnerability is real) | "We developed a PoC to demonstrate that the vulnerability is exploitable in your environment." |
Compliance and governance: 6 terms
| EN term | Meaning (translated from the Polish gloss) | Example at work |
|---|---|---|
| risk assessment | risk assessment | "The annual risk assessment identified 7 high-risk findings requiring immediate remediation." |
| data breach | data breach / data leak | "We have a confirmed data breach — personal data of approximately 4,200 customers was accessed." |
| incident response | incident response | "The incident response plan was activated at 00:52 UTC. Containment is the current priority." |
| forensics | digital forensics | "We've preserved the disk images for forensics — do not power off any of the affected hosts." |
| chain of custody | chain of custody (evidence chain) | "Maintain chain of custody on all collected evidence — it may be needed for legal proceedings." |
| compliance | compliance (with regulations: GDPR / ISO 27001) | "Our ISO 27001 compliance audit is scheduled for Q3 — the pen test report will be a key input." |
Communication scenarios
a) Security incident report: 8 phrases
- "At 00:13 UTC we detected anomalous outbound traffic from host 192.168.4.71 to an external IP flagged in multiple threat intelligence feeds."
- "The IOCs are consistent with a data exfiltration attempt — we're seeing large, encrypted data transfers on port 443 to an unfamiliar destination."
- "Containment actions initiated: the affected host has been isolated from the network and its credentials have been rotated."
- "We have preserved forensic images of the affected host. Chain of custody is maintained."
- "Initial scope assessment suggests the compromise is limited to a single host. Lateral movement is not yet confirmed but cannot be ruled out."
- "This incident is being classified as SEV-1 pending further investigation. CISO and legal have been notified."
- "We are currently in the containment phase of the incident response plan. Eradication and recovery steps are pending root cause confirmation."
- "A full forensic investigation is underway. We will provide an updated status within 4 hours or sooner if the situation changes."
b) Vulnerability disclosure to management: 6 phrases
- "We identified a critical SQL injection vulnerability in the customer portal. It is present in the search endpoint and is not currently patched."
- "Exploitation of this vulnerability would allow an unauthenticated attacker to access all records in the customer database — approximately 280,000 accounts."
- "The CVSS score is 9.8 — Critical. This should be treated as a P0 remediation item."
- "We recommend taking the affected endpoint offline until the patch is applied. The business impact of a brief outage is significantly lower than the risk of exploitation."
- "A proof of concept was developed in a controlled environment to confirm exploitability. It has not been tested against the production system."
- "We will retest the vulnerability after the patch is applied to confirm remediation is effective."
c) Post-pen-test debrief: 6 phrases
- "During the engagement we successfully achieved domain admin privileges via a Kerberoasting attack against a service account with a weak password."
- "The external attack surface was broader than expected — we identified 3 internet-facing admin panels that should be restricted to VPN access only."
- "The most critical finding is the SQL injection in the search API. It was exploitable without authentication and provides direct database access."
- "Social engineering testing revealed that 18% of employees shared their credentials when contacted by a simulated IT support call."
- "The full report with detailed findings, CVSS scores and prioritised remediation recommendations is attached to this presentation."
- "We recommend a follow-up retest within 90 days after remediation to verify that the critical and high findings have been resolved."
Short dialogue: a SOC Analyst reports an active incident to the Security Manager
SOC Analyst: "I need to escalate — we have a potential data breach in progress. SIEM picked up anomalous outbound traffic from a finance workstation starting at 00:09 UTC. Volume is 4.2 GB over 18 minutes, destination IP is flagged as a known C2 server."
Security Manager: "Have you contained the host?"
SOC Analyst: "Yes — isolated from the network at 00:24 UTC. EDR telemetry shows a malicious process that was spawned about 6 hours ago, likely from a phishing attachment opened during business hours."
Security Manager: "What's the blast radius? Do we know what data was on that machine?"
SOC Analyst: "The host belongs to a Finance analyst. Based on the mapped drives, they had access to the consolidated accounts folder. We're pulling the file access logs now to identify exactly what may have been exfiltrated."
Security Manager: "This sounds like SEV-1. Notify the CISO and get Legal on a call. And preserve all forensic images before anyone touches that machine."
SOC Analyst: "Understood. Images are already preserved and chain of custody is documented. I'll send the initial incident report within the next 15 minutes."
Security certifications: 6 terms and how to talk about them
- CISSP (Certified Information Systems Security Professional) — "CISSP is the gold standard for senior security professionals. It covers eight domains including risk management, cryptography and security architecture."
- CEH (Certified Ethical Hacker) — "The CEH certification validates knowledge of offensive techniques used by attackers — essential context for building effective defenses."
- OSCP (Offensive Security Certified Professional) — "OSCP is a hands-on, 24-hour practical exam. It's widely regarded as the most credible offensive security certification because it requires you to actually compromise machines, not just answer questions."
- CompTIA Security+ — "Security+ is an entry-level certification that covers core security concepts. It's a good starting point and is recognized by the US Department of Defense."
- ISO 27001 — "ISO 27001 is an international standard for information security management systems. Being ISO 27001 certified means the organization has a structured ISMS in place, not just individual good practices."
- SOC 2 — "SOC 2 is a compliance framework commonly required by enterprise customers in the US market. It assesses controls around security, availability, processing integrity, confidentiality and privacy."
Most common mistakes made by Polish speakers
1. "hacker": a neutral word, not an insult. Use it precisely. In English, hacker is not negative by itself. The ethical context is set by the adjective: white hat hacker (ethical), black hat hacker (malicious), grey hat (in between). In a professional report use: threat actor, attacker or malicious actor.
2. "vulnerability" vs "threat" vs "risk": three different concepts. A vulnerability is a weakness in the system. A threat is a potential danger. Risk is the combination of the two. ✅ "The vulnerability is the unpatched server. The threat is an external attacker. The risk is data exposure affecting 50,000 customers."
3. "the system was hacked" → be more precise. Was hacked sounds sensational, not professional. ✅ "We detected a breach / unauthorized access to the system." or "The system was compromised." or "We identified indicators of compromise on the affected host."
4. "attack" vs "incident": incident is the broader term. An attack is a deliberate, malicious act. An incident is any event that violates security, including human error. ❌ "We had an attack — someone misconfigured the S3 bucket." → ✅ "We had a security incident — a misconfigured S3 bucket exposed customer data publicly."
5. IOC: how to pronounce it and use it in a sentence. IOC (Indicator of Compromise) is read as three letters: "I-O-C". Plural: IOCs. ✅ "The IOCs we identified are consistent with a ransomware deployment." An IOC is an indicator, not proof in itself.
Quick Reference Table: 28 terms
| EN term | Meaning (translated from the Polish gloss) | Typical context |
|---|---|---|
| vulnerability | weakness / security hole | Threats |
| exploit | exploit | Threats |
| threat actor | threat entity / attacker | Threats |
| attack vector | attack vector | Threats |
| phishing | phishing | Threats |
| ransomware | ransomware | Threats |
| DDoS | distributed DoS attack | Threats |
| zero-day | zero-day | Threats |
| firewall | network firewall | Defense |
| IDS | intrusion detection system | Defense |
| IPS | intrusion prevention system | Defense |
| SIEM | security event management system | Defense |
| EDR | endpoint protection | Defense |
| SOC | security operations center | Defense |
| patch | security patch | Defense |
| hardening | hardening the configuration | Defense |
| penetration test | penetration test | Pen testing |
| reconnaissance | reconnaissance | Pen testing |
| privilege escalation | privilege escalation | Pen testing |
| lateral movement | lateral movement | Pen testing |
| payload | payload | Pen testing |
| proof of concept (PoC) | proof of concept | Pen testing |
| risk assessment | risk assessment | Compliance |
| data breach | data breach | Compliance |
| incident response | incident response | Compliance |
| forensics | digital forensics | Compliance |
| chain of custody | chain of custody | Compliance |
| compliance | regulatory compliance | Compliance |
Summary
English in cybersecurity is not only a matter of communication; it is a matter of precision under time pressure. An incident report written in 5 minutes at 00:13, a pen test debrief in front of the board, disclosure of a critical vulnerability to a client: in each of these moments the right vocabulary is part of professionalism.
Expand your vocabulary with the article on IT vocabulary in English, check English for Cloud Architects if you manage the security of cloud infrastructure, or look at English for DBAs: database security is one of the most common areas of vulnerability.
Ready-made flashcards with Cybersecurity terminology are available in the Cybersecurity Specialist path in the IT & Programming section.