I propose someone who doesn’t know or care how a system works shouldn’t be prescribing what to do to make it secure. Otherwise this is like suggesting every gate must have a lock to be secure, even those which aren’t connected to any walls.

https://i.imgur.com/ntYUQB1.jpeg

> someone who doesn’t know or care how a system works shouldn’t be prescribing what to do to make it secure

The part that’s not said outloud is that a lot of “computer security” people aren’t concerned with understanding the system. If they were, they’d be engineers. They’re trying to secure it without understanding it.