How do you explain your methodology for solving a security problem from root cause to remediation at SAS?