If you were tasked with improving the security of an existing application at Stryker, what approach would you take?