Depends
The harshest criticism in my environment is reserved for people who pretend to be techies, but use tools that hide complex environments from them with pretty interfaces.
If you review this, [link|http://z.iwethey.org/forums/render/content/show?contentid=227484|http://z.iwethey.org...?contentid=227484], you will see one of our guiding principles for our organization is:
would like to have a bunch of smart cross-trained geeks running the place, rather then vendor focused silos of knowledge
A recent example was a dump of a GUI generate iptables rule-set. The jr admin was showing it, and was unable to explain what it was doing. Now this admin is smart, but inexeperienced HERE. He has a comp-sci degree, and has setup and adminned many Linux and Unix systems. He is also a deep-diver, usually reading up on great detail when researching something. In other places he may qualify for Sr admin, just not here, where we have someone else we call senior, who has far more experience than this guy.
Anyway, he was wrong when he explained it. When I read the ruleset, I made the exact same mistake, but figured it out a few lines later, since I don't pretend to know the syntax of IPTables.
If I am responsible for this particular bit of security - firewalling the DMZ, then I'm going to follow my requirements list. Works 1st, securely.
I can test "works". I can theorize "securely". But only if the low level rules are written by me, as simply as possible, as restrictive as possible. If I use a pretty front end, I have been abstracted from the implementation. An I have NO trust for writers of pretty front ends, since the focus is not the security, it is the pretty front end.
Some day I am going to be called to explain every aspect of the security up on a white board. I'm not allowed to say: IPCOP says it should be OK.