惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
V2EX
爱范儿
爱范儿
Martin Fowler
Martin Fowler
T
The Blog of Author Tim Ferriss
B
Blog RSS Feed
博客园 - 聂微东
G
GRAHAM CLULEY
Engineering at Meta
Engineering at Meta
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
WordPress大学
WordPress大学
Scott Helme
Scott Helme
AI
AI
S
Security Affairs
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
人人都是产品经理
人人都是产品经理
AWS News Blog
AWS News Blog
T
Threatpost
Cyberwarzone
Cyberwarzone
www.infosecurity-magazine.com
www.infosecurity-magazine.com
U
Unit 42
V
Vulnerabilities – Threatpost
J
Java Code Geeks
博客园 - Franky
月光博客
月光博客
Blog — PlanetScale
Blog — PlanetScale
NISL@THU
NISL@THU
D
Docker
小众软件
小众软件
N
News and Events Feed by Topic
Microsoft Security Blog
Microsoft Security Blog
Y
Y Combinator Blog
A
Arctic Wolf
D
DataBreaches.Net
云风的 BLOG
云风的 BLOG
Forbes - Security
Forbes - Security
量子位
PCI Perspectives
PCI Perspectives
美团技术团队
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
I
InfoQ
Security Archives - TechRepublic
Security Archives - TechRepublic
有赞技术团队
有赞技术团队
腾讯CDC
P
Proofpoint News Feed
S
Security @ Cisco Blogs
G
Google Developers Blog
C
Cisco Blogs

Security @ Cisco Blogs

We third-party tested our firewall built for AI-scale. The test tools hit their limit first. SharpHound Recon Attack - How AI enhanced the threat hunt Machine Speed, Human Judgement: How AI Changed the SOC in 2026 Elevating Expertise in the SOC What Working the Cisco Live SOC Taught Me About AI, Detection, and Response Cable to Cloud - A Product Engineer's Journey Through the Cisco Live AMER 2026 SOC The Experience Dividend: How Better Digital Experience Protects Revenue, Trust, and Growth AIM: Building an Agentic Tier-2 SOC Analyst at Cisco Live AMER 2026 Building the Agentic SOC at Cisco Live Americas 2026 Ten Years in the SOC at RSAC: What We Learned in 2026 Uplevelling Black Hat Threat Hunters Making Workflow Runs Explain Themselves: AI-Powered Run Summaries in Cisco XDR Automate Independent Testing Confirms Secure Email Threat Defense’s Email Security Strength Defenseclaw for On-Prem AI SOC Workflow at Black Hat Asia Cisco Secure Access with MCP Infrastructure at Black Hat Asia 2026 The Essence of Black Hat – Collaboration with Partners Black Hat Asia 2026: A Decade in Singapore Black Hat Asia 2026: Threat Hunters’ Corner Unveiling the Power of Integration: XDR, Splunk, Corelight, Arista and Palo Alto Networks in Action at Black Hat Asia Security in the Post-Mythos Era Cisco SASE with Meraki: Get in the Fast Lane to SASE Extending Zero Trust Across the Agentic AI Workflow Strengthening the Foundation: A Predictable, Customer focused Response to AI-Accelerated Vulnerability Discovery Quantum Resilience Needs a Common Language. Here’s Where to Start. Security at Cisco Live: Going Shields Up for the Agentic Era Identity Elevated: A New Unified Identity Experience in Cisco Cloud Control Security Needs a New Operating Model Cisco Secure Access and Microsoft Purview Integration for Simplified Data Protection Cisco Secure Access and Island Browser Enable Zero Trust Everywhere Finding what lives between the alerts: Announcing Cisco Talos Threat Hunting From Log Flood to Threat Signal: Cisco and Splunk Bring Context to Modern Defense Cisco Secure Access and Microsoft Edge for Business Integration Why Network Segmentation Projects Fail: Four Patterns Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI Enhancing Cisco Secure Email Gateway: Safer Clicks and Cleaner Files AI-generated reporting: Lessons learned from Cisco Talos Incident Response Inside the SOC: AI-powered DNS defense against ransomware Security Insights: A Threat-First View for the Platform That Enforces Access From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future AI-Ready, Simpler, and More Secure WAN: Cisco SD-WAN Innovations Designing for What’s Next: Securing AI-Scale Infrastructure Without Compromise Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap Mobile World Congress 2026: AI-powered Network Security Powering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time AI-powered Network Security at the Mobile World Congress 2026 SNOC Inside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100 Data Optimization in Security: A Splunk Architect’s Perspective Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders Zero Trust for Agentic AI: Safeguarding your Digital Workforce The Agent Trust gap: What Our Research Reveals About Agentic AI Security Meet Your Incident Responders
Educate at Event Speed: Cisco Live Security Operations Center
Bilal Qamar · 2026-07-08 · via Security @ Cisco Blogs

At Cisco Live AMER 2026 in Las Vegas, my work with the Cisco Event SOC centered on one outcome that makes these deployments valuable beyond the event itself: Education. The SOC protects the conference, but it also turns live operations into a learning environment through SOC tours, Cisco Live sessions, training inside the SOC, and conversations in the World of Solutions. Just as important, lessons from the event feed back into product conversations, repeatable workflows, and future deployments.

SOC tours made the mission visible

Attendees saw how the SOC works with the Network Operations Center to monitor real conference traffic, investigate suspicious activity, and protect the conference experience. The tours also showcased One Cisco in action by bringing networking from the NOC together with security and observability. With the release of Cisco Cloud Control, that connection felt especially relevant. The tours gave attendees a practical view of why shared operational context matters, especially when teams need to understand, decide, and respond quickly.

SOC tours showed how networking, security, and observability came together in the Event SOC.

Bringing live SOC lessons into the classroom

Education also happened in the sessions I delivered at Cisco Live. I used three different formats to bring live SOC experience into the room:

  • a DevNet session for coding and API based automation,
  • a hands-on lab, and
  • a technical seminar for a deeper architectural discussion.

The purple team lab was especially valuable because attendees worked through both red team and blue team activity based on real APT group emulation. They could see how agentic AI can shorten the path from detection to remediation, while analysts still validate evidence and make the final call. Across the wider SOC team, analysts were also balancing live operations with speaker sessions, booth conversations in the World of Solutions, and hands-on coaching for newer team members.

Cisco Live sessions brought Event SOC lessons into coding, hands-on, and technical learning formats.

Training SOC: building confidence during live operations

Education also happened inside the SOC. We had extra space available during the event and used it as a Training SOC, where newer team members could learn the environment hands-on while live operations continued nearby.

That format gave new SOC members time to understand the event network, the toolchain, and the handoff between the SOC and NOC before jumping fully into live investigations. They could walk through example detections, review evidence with experienced analysts, and ask questions about the context that makes event security different from a steady-state enterprise environment.

Experienced analysts explained how they moved from signal to decision, what evidence changed their confidence, and how they documented the outcome. That helped newer team members build confidence while turning live event experience into repeatable learning for the next deployment.

Education through customer conversations

The World of Solutions added a different kind of education. Booth conversations were less structured than a tour or a class, but often just as useful. Attendees brought questions about alert noise, visibility, automation, handoffs between teams, and how to mature a SOC without adding friction for analysts. Those conversations made the education loop two-way: we shared what we learned from operating the Event SOC, and customers helped us see what needs to be clearer, easier, or more useful in real environments.

World of Solutions conversations connected live SOC experience with customer questions.

Where education feeds innovation

Event SOCs pressure-test technology and process in a way a lab cannot fully recreate. The environment is temporary, noisy, high stakes, and built quickly. That forces the team to see what works, where workflows slow down, and where better integrations or automation can make a difference. The outcome is not only a safer event, but better product feedback and a stronger baseline for the next deployment.

Cisco Live AMER 2026 reinforced that the SOC is one of the best classrooms we have because it teaches through real operations.

For a deeper look at the model behind these deployments, read the Cisco Event SOCs: A Reference Architecture and Operations Guide.

At the next Cisco Live or Cisco-supported event, book a SOC tour. It is one of the best ways to see the Event SOC in action and take practical lessons back to your own SOC.

Check out the blogs by the engineers who worked inside the SOC at Las Vegas: