To this day i haven't met a security consultant or data protection person that had any idea what they were talking about. I'm not talking about experts, but people that were appointed and got the title "Security something".

Most of them were regular business people that just parrot some buzzwords like "Encryption" and "at least 256 bit".