Hacker News

These are all valid points; apt and nftables have bitten me as an old-timer. While I think one should handle nmap and tcpdump with care, I have never seen an organization that fired someone based on it.


I may or may not work for a large credit bureau in the US, and I had a legitimate need to run nmap from my laptop to scan a server. 30 minutes later, I get pinged by security asking about it, to which I gave an explanation, which they followed up by asking if I sought permission to use the tool (no, why would I?). They made me remove nmap, because that's what hackers use. A month later, I get an email from someone else letting me know the situation was resolved. The point being, I ran one scan which involved no less than 7 people and wasted a month of time.


I accidentally overwhelmed a brittle network stack doing nmap scans that took down the internet overnight for a major resort. It happens.



