How do you approach presenting complex security risks to stakeholders who may not have a technical background?