Los Angeles Cybersecurity Conference

We often talk about threats in terms of dollars lost, data stolen, or headlines made. But the real threat lives deeper—in the structure, the strategy, and the growing ambition of the actors behind the screen. Today’s cybercriminals don’t just encrypt files; they build economies, launder, influence, and forge alliances that stretch across borders and industries. In this talk, we’ll peel back the layers of modern cybercrime and explore how loosely affiliated hackers have evolved into organized syndicates. These groups operate more like multinational corporations than rogue disruptors—complete with HR departments, recruitment pipelines, insider relationships, and state protections.

Analyzing a real-world cybersecurity attack, we’ll step through how the attack unfolds and present specifics on tactics and tools to combat the threat.

Identity Security is essential to enterprise protection. Breaking down identity silos across environments on-prem & cloud for human & non-human identities (NHIs) is crucial for success in a modern Identity program. As businesses become increasingly connected the attack surface continues to grow. Identities, both human & non-human are the new perimeter – with Identity being the primary attack vector for threat actors. Protecting human & non-human identities across cloud (IaaS, SaaS, PaaS) & on-prem remains key. Yet most identity programs only partially solve the picture by either focusing on only cloud or on-prem, or only a single element of identity security – be that PAM, IGA,   ITDR or NHI – leaving open blind spots & exposure. Join Delinea to learn how to break down Identity silos & build a complete Identity program to solve the whole Identity picture

The End of Legacy Network Security argues for replacing layered, box‑centric designs with outcome‑driven networks where security is native. It champions “security built‑in, not bolted on” via native Zero Trust at the access layer, per‑device isolation to stop lateral movement, and an integrated, cloud‑driven architecture that operates at “cloud speed,” replacing brittle VLAN/ACL/NAC stacks with an identity‑aware fabric that’s continuously current, observable, and assured.

Current security models are failing to keep up with the speed, complexity, and scale of modern software. Security professionals are doing their jobs—and yet, attacks still get through. In this session, hear the story of four people caught in the aftermath of a breach: a developer, a SecOps lead, an AppSec engineer, and a compliance officer. All working in good faith. All stuck in a broken system. This talk will introduce a new blueprint for modern software defense, modeled on the smartest of cities that have instrumented infrastructure to see, adapt, and respond in real time. Walk away with a prescriptive framework – based on context, coordination, and culture – that teams can use to stop guessing and start defending.

In this session, Rick Horwitz will explore how next-generation web application defense techniques use deception to disrupt account-takeover attempts by returning responses that resemble invalid login credentials. Rather than outright blocking the request, this approach introduces uncertainty, making it harder for attackers to understand why their attempts are failing.

This method leverages core principles of security deception—raising an attacker’s cognitive load, consuming their time, and prompting them to question the reliability of their tools or assumptions. Over time, this added friction can decrease the likelihood that they continue targeting the application.

Because these techniques typically require minimal configuration, they can offer immediate insight into attack patterns and behaviors. These signals help defenders analyze adversary tactics and strengthen overall protections, demonstrating how psychological and operational pressure can complement traditional security controls.

Annual phishing and email safety training often rank alongside OSHA compliance and harassment training in terms of employee enthusiasm—and questionable impact. Too often, phishing simulations fail to meaningfully reduce human risk. By integrating real-world threat intelligence, however, organizations can ensure users train against active, relevant threats. This not only makes simulations more impactful but also provides awareness teams with actionable metrics to shape curriculum and measure genuine organizational risk.