There are two ways to be a security expert.
First, the bad way:
Publish articles saying “you should do things like I say, because I’m a security expert, and this is how you secure computers”.
Then, the good way:
Answer questions that people throw at you with other questions. Here are some example questions you might try:
There are further depths to which you can refine these questions – for instance, consider potential risks and damage in terms of compliance regulations and sanctions, business costs, public relations, technical effort, etc.
In the Information Security field, we often get so wound up in our own technological solutions that we lose sight of the problem we were trying to solve, or the magnitude of it.