Wasn‘t there a crunchbang project putting this nicely together with debian? I remember it fondly, but that is centuries ago…

Key point: „To be secure, you should always use the latest long-term stable kernel. The key word here is “latest.” It’s not enough to use an LTS […] [or at least] Continuously update to the latest kernel release, either major or stable.“