Why is Technical Incompetence Both Rampant and Accepted in Cybersecurity?

The author, who started as an exploit developer and is now in security, expresses surprise at the acceptance of technical incompetence in the field of cybersecurity. They share an experience where employees of a major tech company did not know what GitHub was and did not understand why blocking their own official GitHub was problematic. The author also mentions frequently heard phrases such as "You don't need to be technical to set policy" and "You don't need to be able to program to work in security," highlighting the lack of technical skills among those setting security policies.