How do you approach a security problem that requires both technical depth and stakeholder management?