• United States

A first-hand account of Cisco Live 2018 in Orlando

Jun 21, 201814 mins

The Cisco Live experience – from the perspective of a long-term attendee and speaker. A peak behind the curtain, learning Cisco technology, culture, education, beer and even kilts! See the options that are available to you through the eyes of someone hosting, leading or attending a little bit of everything.

David Goeckeler Executive Vice President and General Manager of Cisco's Networking and Security Busi
Credit: Cisco

I have had many people ask me about what Cisco Live is like, from my perspective as a long-time attendee and a member of the Hall of Fame Elite for speakers.  While my perspective may be a bit different than your average attendee, I thought I’d give it a shot and write it up.

Cisco Live is an amazing event.  Some years, I may present at Cisco Live up to 4 times per year, and this was one of those years. 

  • Cancun, Mexico – December 2017
  • Barcelona, Spain – February 2018
  • Melbourne, Australia – March 2018
  • Orlando, Florida, USA – June 2018

When I was a young buck and started attending Cisco Live they were actually called “Networkers” and to me, that still describes the best part of Cisco Live.  Not networking in the technology sense, but the human networking that goes on.  It’s like a reunion with the people that I get to see year after year; and I get to meet new people every single time.

This year I got stopped in the hall by an old friend I have not seen in many years, as well as a wonderful surprise reunion with a former student of mine who I have not seen in 16 years.

As an Engineer in Cisco’s Security Business Unit, I do get to meet certain customers fairly regularly; but nothing compares to being there with thousands of people sharing similar interests and having 1:1 conversations with hundreds of them (at least).  Top that off with the “meet the expert” sessions where I get to meet with a customer 1:1 in a small conference room equipped with a white-board & some markers!  It is in those rooms that customers explain their unique issues to me, and we work to solve them together. Maybe, if we’re lucky, we would even come up with solutions to world hunger. 🙂

This year I was crazy enough to present 4 separate times.  There is a tremendous amount of work that goes into every session at CiscoLive, and I decided to quadruple that this year. What was I thinking? We are working on these presentations constantly, we have regular reviews of the content, and we do put blood, sweat, and sometimes tears into this work.  Why do we do it?  Because we believe in our technologies and this is our chance to share that with all of you!

Not only are the speakers working on our sessions early. We are often the same people who are running the network at CiscoLive. Friends of mine like Nicole Wajer are part of the NOC team as well as rock-star presenters on topics related to security and IPv6; while other friends of mine like Brandon Culler and Jim Florwick have the crazy task of supporting the high-density wireless networks required to seamlessly support 22,000+ concurrent users, with rooms having thousands in the same room at any given time.

Now let’s break down this year’s event day-by-day:

Sunday – Not for the faint of heart

So now you know a bit about the tremendous pre-conference effort, and this year I had to get started on Saturday morning for prep work, and a dry run of my Sunday session.  That’s right, I said Sunday.  While Cisco Live technically started on Monday, they always offer this “bonus” day on Sunday filled with tectorials & hands-on labs. For those at home, a tectorial is an “extra” session that costs a bit more on top of the normal registration fee and is much longer than the typical 90 or 120-minute breakout sessions.  A tectorial will typically run either 4 or 8-hours, depending on the topic.

Only the most hard-core attendees come for the tectorials and are willing to subject their brains to the mind-melting effort of a 4 or 8-hour deep dive on any technology.  But they sure do attend & subject themselves to that level of pain every year.

This year, on Sunday, my colleague, Naasief Edross, and I presented a 4-hour tectorial covering integrating Cisco security products together for incident response orchestration (my part) and then how to automate the incident response orchestration with 3rd party tools like Phantom, Resilient and Exabeam (Naasief’s part). 

I closed Sunday out by being honored as the “closing keynote” for the first ever Talos Threat Research Summit (TTRS), where I presented on “The importance of visibility in a world where we are going blind”.  This session focused on how the bad guys are hiding in encrypted traffic, using Cisco network intelligence to perform selective decryption and Encrypted Traffic Analytics (ETA); as well as using endpoint tools like AnyConnect Network Visibility Module (NVM) & our Cisco Security Connector (CSC) for iOS to get telemetry from the endpoints themselves. 

TTRS was a brand-new sub-conference, and while it was kind-of a part of Cisco Live, it was also kind-of separate.  The audience seemed to be VERY engaged & very interested in security technology and details.  So, I felt a little sheepish presenting a keynote style presentation instead of something technically deep in the weeds, although I received very positive feedback.  Lesson learned for Talos Threat Research Summit 2.0: go deep on technology – assuming I get invited back, of course.

Monday – First official day, podcasts, book signings, MTEs and kilts!

Monday did not include any presentation sessions for me but was filled with “meet the expert” (MTE) meetings, recording a Cisco Security TAC podcast with industry legend David White, Jr and CCIE Security extraordinaire Kevin Klous; followed by a “meet the author” book signing of our new CCIE Security book volume 1.

figure 1 podcast 1000px Aaron Woland

Recording the podcast with some legends!

The Cisco Security TAC podcast is a very long-running and popular podcast hosted by some of the TAC leaders.  On the podcast, they often talk about customer problems, how they solved them, how to troubleshoot technologies, and other common themes you expect to hear from security and TAC experts.  If you’ve never listed the podcast, check it out. 

Cisco Press hosts some “meet the author” sessions, where you get to meet up with the author of some of your favorite Cisco Press titles that are also on sale in the on-location Cisco store.  Since I have authored a number of books now, and my latest one “Integrated Security Technologies and Solutions – Volume I” was just released, I was invited to host one of these meet the author sessions with my three co-authors.

This session was yet another way to get some great interaction with folks who are using security solutions daily, and possibly studying for certification.  It’s always so great to hear/learn what people are doing for security & what they really think in a comfort zone when they will be as candid as possible.

figure 2 meet the author 1000px Aaron Woland

3 authors meeting a customer who’s book we just signed (missing author: Mason Harris).

As I said, Cisco Live is very much a friendly, almost family-like culture, and Monday is also the home of #KiltedMonday – a long standing Cisco Tradition to wear a kilt on the first day of a major conference!  It allows posers like me to channel our inner William Wallace and pretend we’re Scots for a day, and If nothing else, it proves you have chutzpah to wear a kilt on the first official day of 20,000+ person conference.

figure 3 kiltedmonday 1000px Aaron Woland

#KiltedMonday meet up.

The #KiltedMonday meet up happened at the Social Media Lounge within the World of Solutions (WoS), and we had live games and competitions with trophies!

That leads me to the WoS, which is a gigantic venue where you find hundreds of booths for partners / vendors of all sorts as well as Cisco itself right alongside of some fun little activity areas – like giant sized Connect4, Chess, Checkers and Battleship games, even putting greens for those golfers out there.

In the WoS, you can wander around from vendor to vendor & learn about their product offerings, see live demonstrations, hear presentations about their specific area of expertise, ask questions to experts, even whiteboard solutions with Cisco TAC, and (of course) pick up a lot of swag.

Up in the WoS, we even have our very own Threat Wall, where we show the dashboards of our security tools for the live traffic of the conference.  You can see the ThreatWall proving the point I made at the TTRS, where the majority of traffic is encrypted nowadays. 

figure 4 threatwall 1000px Aaron Woland

The “Threat Wall” showing security dashboards for the live traffic at CiscoLive.

Monday finally closed with a customer dinner where we in the Cisco Security Business Group (SBG) took a bunch of customers out to a nice dinner.  I myself was sitting next to and across from three customers that I may never have met face-to-face without the dinner.  It was absolutely fantastic to hear their point of view as a smaller shop with just a few guys having to manage many of our advanced threat solutions day in & day out, what they struggle with and what they want to accomplish. 

As a side note: I am currently in the planning stages of a trip to go out and meet with them onsite to see their operation first hand and help them with their solution designs.

Tuesday – Keynotes, sessions, MTE’s & the droids we WERE looking for

I unfortunately don’t get the opportunity to see the keynote sessions, because my schedule is so packed when I’m at CiscoLive.  So, for me Tuesday began with three more MTE’s, during which my phone blew up with people notifying me that my name and picture was displayed up on the big screen at Chuck Robins’ opening keynote, being honored for being in the ranks of the Hall of Fame Elite for speakers. That was really cool, and I wish I could have seen it in person.

After those MTE’s and some prep-time, I presented at one of Tuesday’s last sessions with a 4-6pm ranting to a sold-out crowd of ~500 attendees in my “therapy session”: Advanced Security Integrations, Tips & Tricks.  In this session I get to clarify years of misunderstood Cisco marketing around “Rapid Threat Containment” & “Threat Centric NAC” and explain real world uses of the integrations, as well as tricks on working with it all for automating the incident response orchestration. Also, I explain that Quarantine means “nothing” unless you configure it to do something; and I explain that concept in a nice, calm demeanor 🙂

Tuesday Night proved to have too many options to choose from.  There were vendors hosting parties for select attendees, there were dinners that Cisco account teams were hosting, a Cisco Press author dinner, Cisco DevNet party and more. I selected to attend the CCIE Party, where all active (or emeritus) CCIE’s and a guest are invited to an exclusive celebration.  This year’s CCIE party was held at an exclusive LucasFilm approved StarWars venue in a hidden area of Disney’s Epcot center, so I elected to bring my beautiful wife with me to this exclusive geek fest.

figure 5 ccie party 1000px Aaron Woland

Me & my better half at the CCIE party avoiding the Storm Troopers.

Wednesday – Whispers, sessions and beer

Wednesday morning was started with what’s known as a “Whisper Suite” where customers can reserve time with Cisco executives in a private room to have very private NDA discussions. In this session I got to speak candidly about current capabilities and roadmaps to a group of engineers and managers from an unnamed customer regarding Cisco’s Advanced Malware Protection (AMP), Threat Grid, and Cisco Visibility – while TK Keanini, Distinguished Engineer and product line CTO, spoke about Encrypted Traffic Analytics and Stealthwatch. The session was eye opening for both parties. The customer got to learn about what our current capabilities are and where we are headed, while we got to learn all about their challenges.

Wednesday afternoon continued with me presenting to a standing-room-only crowd for my endpoint security session “Endpoint Security, Your Last Line of Defense”.  In this session I review a general strategy for securing all endpoints, and then I dive deeper into some technologies like Cisco Security Connector (CSC) for iOS, AnyConnect NVM itself as well as using NVM with Stealthwatch, Splunk & IBM QRadar.  I also dive into newer AMP for Endpoints features and protections like the Exploit Prevention (ExPrev) and Malicious Activity Protection (MAP) features that have been added to AMP recently.

My last session on Wednesday was something brand new for Cisco Live this year: “Beers with Engineers”.  This is an open event where we setup tables for different security topics & have an open bar for beer.  Attendees come to this event, grab a beer or two, and sit down at the table that most interests them. 

I was honored to again be with an idol of mine, TK Keanini.  TK is not only a Distinguished Engineer in the Advanced Threat organization, he’s also the former CTO of NCircle (acquired by TripWire) and former CTO of Lancope (acquired by Cisco).  Our table topic was “Security Analytics & Advanced Threats”, and the attendees could talk to us about anything.  We even went off topic and talked about Cisco’s Identity Services Engine (ISE) for a bit, too, even though there was a separate area for ISE hosted by Craig Hyps that you can see with the white couches in the picture.

figure 6 beers with engineers 1000px Aaron Woland

Beers with engineers.

An “amusing” way to appreciate customers

Wednesday finished up the conference for me with Cisco’s “customer appreciation night”. For those who aren’t aware, Cisco’s customer appreciation events are legendary!  In the past Cisco had private performances by Aerosmith, Maroon5, Imagine Dragons, Lenny Kravitz, Elle King, and others.  My very first “Networkers” was in Orlando in the 1990’s.  That year Cisco reserved the entire Universal Studios park just for Cisco’s attendees, speakers, booth workers and some guests. 

This year CiscoLive was back in Orlando & Cisco didn’t disappoint!  They repeated their past awesomeness & we had a private takeover of Universal Studios again, and it was fantastic!

Imagine 30,000+ geeks and their guests running around Universal Studios with funny not-so-little hats, without the rest of the general public while 5 different bands played around the property and the food venues were open & free.  Yes, it is as awesome as you are imagining, and more. Even in a crowd of that size, you still run into lots of old friends and customers that you don’t get to see all the time.  In my case, even my old neighbor!

What if you couldn’t come in person?

All of our sessions are recorded with video, and the sessions all get published to where you can watch them on-demand, even if you never attended a CiscoLive before. It’s free and open to everyone.  Just go there and create yourself an account.

Closing sentiments

To close this blog entry out, CiscoLive is a LOT of work for so many of us, and it is a real time commitment for the attendee, but it is rewarding for us all. I hope if you read this, you got a glimpse of the life of a CiscoLive speaker, the amount of work we put into this, but also just how hard we play too.

It’s a great event to learn a tremendous amount about a wide range of technology, to meet with vendors of your favorite solutions, to meet with vendors of products that you never knew existed, but also to get straight answers directly from the engineers who build the technology you work with every day. Most of all, it’s like a fun family reunion.

For me, I cannot stress enough how great it is to get to work with so many of you in such a short time frame; getting so many points of view & hearing your experiences.

Here’s hoping that I see you at one of the next CiscoLive events.


Aaron Woland, CCIE No. 20113, is a Principal Engineer at Cisco Systems, Inc., and works with Cisco’s Largest Customers all over the world. His primary job responsibilities include Secure Access and Identity deployments with ISE, solution enhancements, standards development, and futures. Aaron joined Cisco in 2005 and is currently a member of numerous security advisory boards, and standards body working groups.

Prior to joining Cisco, Aaron spent 12 years as a Consultant and Technical Trainer. His areas of expertise include network and host security architecture and implementation, regulatory compliance, as well as route-switch and wireless. Aaron is the author of Cisco ISE for BYOD and Secure Unified Access book (Cisco Press), and many published white papers and design guides. Aaron is a member of the Hall of Fame for Distinguished Speakers at Cisco Live, and is a security columnist for Network World where he blogs on all things related to Identity. His other certifications include: GHIC, GSEC, Certified Ethical Hacker, MCSE, VCP, CCSP, CCNP, CCDP and many other industry certifications.

The opinions expressed in this blog are those of Aaron Woland and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies, including Cisco Systems.