Describe a situation where you had to convince a team to adopt a security policy. What was your approach?