Describe a situation where you identified a flaw in an existing security process. How did you go about fixing it?