- Anonymous - Script kiddies. Also see: Slacktivism
- Advanced - More advanced than the products the presenter sells
- APT - "Fancy name for shit you have in your network and didn't notice for a while"
- China - Because why not? Also see: Attribution Dice
- Cloud - The computers of someone else
- Cyber Terrorists - Sqirrels
- Cyberwar - Espionage
- Cyberweapon - Usually an exploit or other minor part of an attackers toolchain
- Dark/Deep Web - Slang for Tor hidden services used by people who don't know how Tor works
- Defaced/DDoSd/Hijacked Homepage/Social Account - See: XKCD #932
- Guy Fawkes Mask - You should probably leave the room and have a drink
- IS Hackers/Cyber Caliphate - Script kiddies with weird ideologies
- Machine Learning / AI - Code that generates signatures but they don't exactly know how
- Mass Surveillance - Intelligence agencies collect part of the data people give out to Google and Facebook
- Military Grade - Not used by the military for various reasons
- Nation State Malware - Malware that didn't get caught by the antivirus of the victim
- Patented Technology - They don't know if it works but they have lawyers
- Product - Yet another thing that can break
- Recent Data Breach of X - A strong indicator of FUD
- Russia - See China
- Signatureless - Including more complex signatures than last year
- Solution - Yet another set of things that can break
- Startup - A company specialized in money burning
- Top 10 List - Incomprehensive collection of arbitrarily chosen items
- Is the presentation based on a viable threat model?
- Are sources/references/prior work included?
- Statistics and graphs
- Are the statistics based on publicly accessible data?
- Is that a statistic or just a nice picture without any actual numbers?
- Are the base points of the graphs set to a resonable value?
- Is this linear or logarithmic scale?
- Was this thing done before? Is it any new?
- Does the presenter claim to have a solution for the halting problem?
- Analogies of automobile/aviation safety
- Does the presenter know the difference between safety and security?
- Are you sure you have nothing better to do?
- Product talks/demos
- Does the vendor have easy to access public channels for bug reporting?
- Does the vendor release public security advisories regarding their own products?
- What defensive measures does the product implement to protect itself from attacks?
- Magic Quadrants
- What exactly was measured when creating the diagram?
- Do multiple presenters show the same diagram? Do they draw contradicting conclusions from it?
- Do presenters of competiting companies use different diagrams? Why is that?
- Should you really look for Leaders?
- Why does it even have a chip in it?
- Are there people other than the presenter and the manufacturer who acually use this thing?
- Does the presented scenario represent higher risk than having that smart thing in your house in itself?
- Which one is more difficult: obtaining the Thing or figuring out the attack?
- How many times did the presenter see/touch actual industrial equipment?
- Is the talk really about ICS/SCADA or just about another standard piece of HW/SW that happens to be used in industrial systems?
- What are the viable scenarios when a "cyber" attack is more effective than "ordinary" attacks (e.g. bribing people, blowing up stuff, etc.)?