> these same people would be *aghast* if someone left a computer connected to the internet with zero network protection measures.

I don't know what to tell you, but I used to be the sysadmin for these infosec folks and they'd do stupid shit like leave world readable unprotected SSH private keys in their NFS home dir and throw a tantrum when I audited our infra and found them. They also hated sudo requiring a password.

They do not practice what they preach. They do, however, love doing shit for clout.