Beware of security advice that comes from people or organizations that have no stake in the outcome, nothing to lose, and won't bear any of the consequences. What do I mean? I discuss in my latest SecurityWeek piece:
https://www.securityweek.com/the-loudest-voices-in-security-often-have-the-least-to-lose/.