Recently I learned that telling a couple engineers they can Netflix and Chill because they got their sprint done early, is not nearly the meaning I thought it was. It was not the, “go ahead and have a beer, and call it a weekend early” that I thought it was.

I met my wife back when you used Blockbuster for DVD’s. Do you remember the hybrid model, where you could go to the store, AND get DVDs delivered?
I’m not old, you are.

Anyway, I digress.

Accuracy in the language used in cybersecurity is honestly pretty frustrating.
It can't be the only industry where a marketing description of a product to be 100% right, and oh so, so, so wrong.
"We prevent the attack" can either be usually right, or usually wrong.
May the person with the most fireworks, models (male and female), jazz hands, and biggest marketing claims win.

The devil is, indeed, in the details.
Cybersecurity is also one of those really deep knowledge fields where, because consumers and engineers alike are walking on the shoulders of engineering giants, it is really easy for consumers and even technologists to really not have the time to figure out those details. Even when it really matters. Even when, in cybersecurity, a lot of that "research" is not really taught in schools (though that's better and improving now). Marketing analysts will, of course, for the right price tell the story that needs to be told as trusted advisors to end users trying to separate fact from fiction.
A bit like when I go to the doctor, to be honest.
I nod, knowingly, but I honestly am not a doctor (cue a Star Trek Bones references). I don't even play one on TV.

I remember a conversation with Greg Fulk, former customer, current investor, who now has his own pretty cool company (check it out, seriously), having to talk about his own investigative journey before purchasing. Despite a busy schedule, he took time out of his day to unwind the layers of groupthink from the rest of the security vendor marketing (at least for endpoint-based security), and make an assessment for himself whether Cyber Crucible's different approach has merit or not.

Not everyone has the time or technical skill to do that.
Some are too busy being experts in keeping the Board happy, or at keeping the OT and IT teams from donning luchador masks every patch Tuesday.
And that's all right, because those are skills too.

I did speak to a guy once that tried to point out to a cadre of executives at a manufacturing company that they knew in detail every component's MTBF (Mean Time Before Failure) in their plant's operation, but clueless for the "nerdy" IT and security stuff.

I don't think that guy got a bunch of executives jumping up to ask questions about PKI, but I hear he made progress.
Rome wasn't built in a day.
Neither was Netflix's library.
And getting to the result you want in the end, after a bunch of effort, can be pretty chill.
Wait, no, that's not what I meant.