LARPing as a security engineer for many years has taught me many things. For one, security isn't like in the movies. "Oh no, it's 256 bit encryption! frantically types. I'M IN."
More importantly, you need to find a way to say yes. I don't mean to rubber stamp every design. NEXT. I mean the goal is to build a great product. To build a great product, you need people to discuss their crazy ideas with you. If you don't build that trust, you'll become an obstacle to avoid. "Security will never allow it", they'll say.
Saying yes means finding an approach fitting your tolerance for risk, and your threat model. What are we building? What can go wrong? What are we going to do about it? With the right design and layering of security controls, trust you'll find a way to say yes.