Describe a time you had to make a security recommendation that was not the easiest path for the team. How did you justify it?