When a group of us “organizational security” practitioners* gathered in Prague this February, we were cautiously optimistic about what we could achieve.