How do you explain technical security concepts in a straightforward way to non-technical stakeholders?