How do you identify risks, recommend mitigations, and define secure configuration requirements at Ascendion?