Security pros love to give advice that has little value to their audience. Security pros should focus on building perfect solutions instead of building solutions that work good enough. The OWASP top ten list hasn’t changed much in the last ten years. Telling users not to click on links is correct, but not actually useful. The best way is to look at the results of the advice you give out doesnt work. Advice you can’t give out voodoo is voodoo, its important to measure what youre doing.”]
Source: https://www.csoonline.com/article/3236469/are-you-giving-useful-advice.html