You are reflecting on a security engineering project where something important went wrong because you did not identify a risk early enough. The miss could have been technical, operational, or stakeholder-related, but it materially affected delivery, security posture, or customer experience.
Give me an example of a time you failed to identify a risk. What did you learn?