Actually I have an unpopular opinion in regards to your question on competency. The computing industry as a whole over the years has grown and morphed to the point that there’s a high level of ineptitude when it comes to basic administration of networks, servers, and services. Basic concepts of not sharing passwords, locking networks down, using TLS, least privileged access, and so much more aren’t practiced as much as they may have been (well if at all). I’m sure there are plenty of companies and teams that do good things but I’ve seen now at a few companies I’ve worked, lax attitude and poor response to incidents that I believe has made it scary easy for a bad actor to gain access to things they shouldn’t.