惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News: Ask HN
Hacker News: Ask HN
IT之家
IT之家
S
SegmentFault 最新的问题
T
Tailwind CSS Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 司徒正美
J
Java Code Geeks
博客园 - 聂微东
雷峰网
雷峰网
阮一峰的网络日志
阮一峰的网络日志
The Cloudflare Blog
博客园_首页
大猫的无限游戏
大猫的无限游戏
博客园 - 三生石上(FineUI控件)
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 【当耐特】
腾讯CDC
Apple Machine Learning Research
Apple Machine Learning Research
酷 壳 – CoolShell
酷 壳 – CoolShell
V
V2EX
宝玉的分享
宝玉的分享
小众软件
小众软件
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Hugging Face - Blog
Hugging Face - Blog
月光博客
月光博客
NISL@THU
NISL@THU
T
The Exploit Database - CXSecurity.com
C
CXSECURITY Database RSS Feed - CXSecurity.com
WordPress大学
WordPress大学
有赞技术团队
有赞技术团队
Blog — PlanetScale
Blog — PlanetScale
aimingoo的专栏
aimingoo的专栏
L
LINUX DO - 热门话题
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
F
Fortinet All Blogs
博客园 - Franky
L
Lohrmann on Cybersecurity
S
Secure Thoughts
量子位
V
Vulnerabilities – Threatpost
Last Week in AI
Last Week in AI
博客园 - 叶小钗
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LINUX DO - 最新话题
I
InfoQ
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Proofpoint News Feed
G
GRAHAM CLULEY
Cisco Talos Blog
Cisco Talos Blog

Security @ Cisco Blogs

We third-party tested our firewall built for AI-scale. The test tools hit their limit first. SharpHound Recon Attack - How AI enhanced the threat hunt Machine Speed, Human Judgement: How AI Changed the SOC in 2026 Elevating Expertise in the SOC What Working the Cisco Live SOC Taught Me About AI, Detection, and Response Cable to Cloud - A Product Engineer's Journey Through the Cisco Live AMER 2026 SOC The Experience Dividend: How Better Digital Experience Protects Revenue, Trust, and Growth AIM: Building an Agentic Tier-2 SOC Analyst at Cisco Live AMER 2026 Building the Agentic SOC at Cisco Live Americas 2026 Ten Years in the SOC at RSAC: What We Learned in 2026 Uplevelling Black Hat Threat Hunters Making Workflow Runs Explain Themselves: AI-Powered Run Summaries in Cisco XDR Automate Independent Testing Confirms Secure Email Threat Defense’s Email Security Strength Defenseclaw for On-Prem AI SOC Workflow at Black Hat Asia Cisco Secure Access with MCP Infrastructure at Black Hat Asia 2026 The Essence of Black Hat – Collaboration with Partners Black Hat Asia 2026: A Decade in Singapore Black Hat Asia 2026: Threat Hunters’ Corner Unveiling the Power of Integration: XDR, Splunk, Corelight, Arista and Palo Alto Networks in Action at Black Hat Asia Security in the Post-Mythos Era Cisco SASE with Meraki: Get in the Fast Lane to SASE Extending Zero Trust Across the Agentic AI Workflow Strengthening the Foundation: A Predictable, Customer focused Response to AI-Accelerated Vulnerability Discovery Quantum Resilience Needs a Common Language. Here’s Where to Start. Security at Cisco Live: Going Shields Up for the Agentic Era Identity Elevated: A New Unified Identity Experience in Cisco Cloud Control Security Needs a New Operating Model Cisco Secure Access and Microsoft Purview Integration for Simplified Data Protection Cisco Secure Access and Island Browser Enable Zero Trust Everywhere Finding what lives between the alerts: Announcing Cisco Talos Threat Hunting From Log Flood to Threat Signal: Cisco and Splunk Bring Context to Modern Defense Cisco Secure Access and Microsoft Edge for Business Integration Why Network Segmentation Projects Fail: Four Patterns Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI Enhancing Cisco Secure Email Gateway: Safer Clicks and Cleaner Files AI-generated reporting: Lessons learned from Cisco Talos Incident Response Inside the SOC: AI-powered DNS defense against ransomware Security Insights: A Threat-First View for the Platform That Enforces Access From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future AI-Ready, Simpler, and More Secure WAN: Cisco SD-WAN Innovations Designing for What’s Next: Securing AI-Scale Infrastructure Without Compromise Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap Mobile World Congress 2026: AI-powered Network Security Powering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time AI-powered Network Security at the Mobile World Congress 2026 SNOC Inside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100 Data Optimization in Security: A Splunk Architect’s Perspective Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders Zero Trust for Agentic AI: Safeguarding your Digital Workforce The Agent Trust gap: What Our Research Reveals About Agentic AI Security Meet Your Incident Responders
Educate at Event Speed: Cisco Live Security Operations Center
Bilal Qamar · 2026-07-08 · via Security @ Cisco Blogs

At Cisco Live AMER 2026 in Las Vegas, my work with the Cisco Event SOC centered on one outcome that makes these deployments valuable beyond the event itself: Education. The SOC protects the conference, but it also turns live operations into a learning environment through SOC tours, Cisco Live sessions, training inside the SOC, and conversations in the World of Solutions. Just as important, lessons from the event feed back into product conversations, repeatable workflows, and future deployments.

SOC tours made the mission visible

Attendees saw how the SOC works with the Network Operations Center to monitor real conference traffic, investigate suspicious activity, and protect the conference experience. The tours also showcased One Cisco in action by bringing networking from the NOC together with security and observability. With the release of Cisco Cloud Control, that connection felt especially relevant. The tours gave attendees a practical view of why shared operational context matters, especially when teams need to understand, decide, and respond quickly.

SOC tours showed how networking, security, and observability came together in the Event SOC.

Bringing live SOC lessons into the classroom

Education also happened in the sessions I delivered at Cisco Live. I used three different formats to bring live SOC experience into the room:

  • a DevNet session for coding and API based automation,
  • a hands-on lab, and
  • a technical seminar for a deeper architectural discussion.

The purple team lab was especially valuable because attendees worked through both red team and blue team activity based on real APT group emulation. They could see how agentic AI can shorten the path from detection to remediation, while analysts still validate evidence and make the final call. Across the wider SOC team, analysts were also balancing live operations with speaker sessions, booth conversations in the World of Solutions, and hands-on coaching for newer team members.

Cisco Live sessions brought Event SOC lessons into coding, hands-on, and technical learning formats.

Training SOC: building confidence during live operations

Education also happened inside the SOC. We had extra space available during the event and used it as a Training SOC, where newer team members could learn the environment hands-on while live operations continued nearby.

That format gave new SOC members time to understand the event network, the toolchain, and the handoff between the SOC and NOC before jumping fully into live investigations. They could walk through example detections, review evidence with experienced analysts, and ask questions about the context that makes event security different from a steady-state enterprise environment.

Experienced analysts explained how they moved from signal to decision, what evidence changed their confidence, and how they documented the outcome. That helped newer team members build confidence while turning live event experience into repeatable learning for the next deployment.

Education through customer conversations

The World of Solutions added a different kind of education. Booth conversations were less structured than a tour or a class, but often just as useful. Attendees brought questions about alert noise, visibility, automation, handoffs between teams, and how to mature a SOC without adding friction for analysts. Those conversations made the education loop two-way: we shared what we learned from operating the Event SOC, and customers helped us see what needs to be clearer, easier, or more useful in real environments.

World of Solutions conversations connected live SOC experience with customer questions.

Where education feeds innovation

Event SOCs pressure-test technology and process in a way a lab cannot fully recreate. The environment is temporary, noisy, high stakes, and built quickly. That forces the team to see what works, where workflows slow down, and where better integrations or automation can make a difference. The outcome is not only a safer event, but better product feedback and a stronger baseline for the next deployment.

Cisco Live AMER 2026 reinforced that the SOC is one of the best classrooms we have because it teaches through real operations.

For a deeper look at the model behind these deployments, read the Cisco Event SOCs: A Reference Architecture and Operations Guide.

At the next Cisco Live or Cisco-supported event, book a SOC tour. It is one of the best ways to see the Event SOC in action and take practical lessons back to your own SOC.

Check out the blogs by the engineers who worked inside the SOC at Las Vegas: