There was a time when I was in the security testing industry.
It didn't work out because I left that company soon after, for various reasons.
I did a lot of security testing consulting, and I found myself contextualising security testing over and over to clients and role players.
As a way to explain certain concepts to an audience, I came up with this:
Here is a video of one of my talks, at GovTech in 2013, and the slides for it: