I said I would gather the clients requirements and understand how much they're willing to spend or if they would prefer opensource technology. I then explained how i'd shift security left within the pipeline with tools like Trivy, Snyk, Policy-As-Code etc.