How do you balance rigorous security mandates with the operational needs of a consulting practice at Berkeley Research Group?