Tell me about a time a client or internal stakeholder pushed back on a security requirement. How did you handle it?