When I was an Ensign (OK, and sometimes as a JG) we used to (sometimes) sit in meetings and write down all of the acronyms, buzzwords and power phrases, and then string them together to make gibberish paragraphs that actually sounded like they could be legit! It was even more fun to hear those phrases later when someone else picked them up and used them as their own. Imagine how hard we laughed!
A few years ago I had a young guy who worked for me and who, after a few drinks at an offsite, used the phrase "fake it till you make it". I hadn't thought about that comment in a while, but I was reminded of it last week during a conversation with a young security pro(?), who I'm convinced writes down key words and buzz phrases from the multitude of information security conversations he participates in and then saves them in reserve for those times when he's in a conversation where he needs to be credible but lacks depth. The thought is: sprinkle in a few important words, names or concepts, regardless of how well they're known, do it with conviction, take cover under the halo effect of previous successes, and there's a high likelihood that he won't be (most times) challenged.
I feel like I'm seeing this more and more. I went to an ISC2 meeting where a Mandiant exec (at the time) and I both presented on APT. We talked about indicators and TTPs, until one brave young woman, in this otherwise deer-in-the-headlights audience, chimed in and asked, "What is an IOC?" OK, so she's the CISO for a string of medical facilities and should know that, but if there were ever a place to ask the question and get an education, it'd be at an ISC2 meeting, right?
Good for her!
This is hard stuff. You can't just log into a Netgear box and turn the security setting up a notch to the level that keeps you safe. There are a dozen (or more, usually more) interdependencies that also have to be considered.