You're asked to lead a security engineering initiative where the initial goal is clear, but the detailed requirements keep changing as new information comes in from users, operators, and leadership. You need to make progress without waiting for perfect clarity, while avoiding wasted work and keeping stakeholders aligned.
How do you operate when requirements are unclear or rapidly shifting?