I have had many people ask me about what Cisco Live is like, from my perspective as a long-time attendee and a member of the Hall of Fame Elite for speakers.\u00a0 While my perspective may be a bit different than your average attendee, I thought I\u2019d give it a shot and write it up.\nCisco Live is an amazing event.\u00a0 Some years, I may present at Cisco Live up to 4 times per year, and this was one of those years.\u00a0\n\nCancun, Mexico \u2013 December 2017\nBarcelona, Spain \u2013 February 2018\nMelbourne, Australia \u2013 March 2018\nOrlando, Florida, USA \u2013 June 2018\n\nWhen I was a young buck and started attending Cisco Live they were actually called \u201cNetworkers\u201d and to me, that still describes the best part of Cisco Live.\u00a0 Not networking in the technology sense, but the human networking that goes on.\u00a0 It\u2019s like a reunion with the people that I get to see year after year; and I get to meet new people every single time.\nThis year I got stopped in the hall by an old friend I have not seen in many years, as well as a wonderful surprise reunion with a former student of mine who I have not seen in 16 years.\nAs an Engineer in Cisco\u2019s Security Business Unit, I do get to meet certain customers fairly regularly; but nothing compares to being there with thousands of people sharing similar interests and having 1:1 conversations with hundreds of them (at least).\u00a0 Top that off with the \u201cmeet the expert\u201d sessions where I get to meet with a customer 1:1 in a small conference room equipped with a white-board & some markers!\u00a0 It is in those rooms that customers explain their unique issues to me, and we work to solve them together. Maybe, if we\u2019re lucky, we would even come up with solutions to world hunger. :)\nThis year I was crazy enough to present 4 separate times.\u00a0 There is a tremendous amount of work that goes into every session at CiscoLive, and I decided to quadruple that this year. What was I thinking? We are working on these presentations constantly, we have regular reviews of the content, and we do put blood, sweat, and sometimes tears into this work.\u00a0 Why do we do it?\u00a0 Because we believe in our technologies and this is our chance to share that with all of you!\nNot only are the speakers working on our sessions early. We are often the same people who are running the network at CiscoLive. Friends of mine like Nicole Wajer are part of the NOC team as well as rock-star presenters on topics related to security and IPv6; while other friends of mine like Brandon Culler and Jim Florwick have the crazy task of supporting the high-density wireless networks required to seamlessly support 22,000+ concurrent users, with rooms having thousands in the same room at any given time.\nNow let\u2019s break down this year\u2019s event day-by-day:\nSunday \u2013 Not for the faint of heart\nSo now you know a bit about the tremendous pre-conference effort, and this year I had to get started on Saturday morning for prep work, and a dry run of my Sunday session.\u00a0 That\u2019s right, I said Sunday.\u00a0 While Cisco Live technically started on Monday, they always offer this \u201cbonus\u201d day on Sunday filled with tectorials & hands-on labs. For those at home, a tectorial is an \u201cextra\u201d session that costs a bit more on top of the normal registration fee and is much longer than the typical 90 or 120-minute breakout sessions.\u00a0 A tectorial will typically run either 4 or 8-hours, depending on the topic.\nOnly the most hard-core attendees come for the tectorials and are willing to subject their brains to the mind-melting effort of a 4 or 8-hour deep dive on any technology.\u00a0 But they sure do attend & subject themselves to that level of pain every year.\nThis year, on Sunday, my colleague, Naasief Edross, and I presented a 4-hour tectorial covering integrating Cisco security products together for incident response orchestration (my part) and then how to automate the incident response orchestration with 3rd party tools like Phantom, Resilient and Exabeam (Naasief\u2019s part).\u00a0\nI closed Sunday out by being honored as the \u201cclosing keynote\u201d for the first ever Talos Threat Research Summit (TTRS), where I presented on \u201cThe importance of visibility in a world where we are going blind\u201d.\u00a0 This session focused on how the bad guys are hiding in encrypted traffic, using Cisco network intelligence to perform selective decryption and Encrypted Traffic Analytics (ETA); as well as using endpoint tools like AnyConnect Network Visibility Module (NVM) & our Cisco Security Connector (CSC) for iOS to get telemetry from the endpoints themselves.\u00a0\nTTRS was a brand-new sub-conference, and while it was kind-of a part of Cisco Live, it was also kind-of separate.\u00a0 The audience seemed to be VERY engaged & very interested in security technology and details.\u00a0 So, I felt a little sheepish presenting a keynote style presentation instead of something technically deep in the weeds, although I received very positive feedback.\u00a0 Lesson learned for Talos Threat Research Summit 2.0: go deep on technology \u2013 assuming I get invited back, of course.\nMonday \u2013 First official day, podcasts, book signings, MTEs and kilts!\nMonday did not include any presentation sessions for me but was filled with \u201cmeet the expert\u201d (MTE) meetings, recording a Cisco Security TAC podcast with industry legend David White, Jr and CCIE Security extraordinaire Kevin Klous; followed by a \u201cmeet the author\u201d book signing of our new CCIE Security book volume 1.\n Aaron Woland\n\nRecording the podcast with some legends!\n\n\nThe Cisco Security TAC podcast is a very long-running and popular podcast hosted by some of the TAC leaders.\u00a0 On the podcast, they often talk about customer problems, how they solved them, how to troubleshoot technologies, and other common themes you expect to hear from security and TAC experts.\u00a0 If you\u2019ve never listed the podcast, check it out.\u00a0\nCisco Press hosts some \u201cmeet the author\u201d sessions, where you get to meet up with the author of some of your favorite Cisco Press titles that are also on sale in the on-location Cisco store.\u00a0 Since I have authored a number of books now, and my latest one \u201cIntegrated Security Technologies and Solutions - Volume I\u201d was just released, I was invited to host one of these meet the author sessions with my three co-authors.\nThis session was yet another way to get some great interaction with folks who are using security solutions daily, and possibly studying for certification.\u00a0 It\u2019s always so great to hear\/learn what people are doing for security & what they really think in a comfort zone when they will be as candid as possible.\n Aaron Woland\n\n3 authors meeting a customer who's book we just signed (missing author: Mason Harris).\n\n\nAs I said, Cisco Live is very much a friendly, almost family-like culture, and Monday is also the home of #KiltedMonday \u2013 a long standing Cisco Tradition to wear a kilt on the first day of a major conference!\u00a0 It allows posers like me to channel our inner William Wallace and pretend we\u2019re Scots for a day, and If nothing else, it proves you have chutzpah to wear a kilt on the first official day of 20,000+ person conference.\n Aaron Woland\n\n#KiltedMonday meet up.\n\n\nThe #KiltedMonday meet up happened at the Social Media Lounge within the World of Solutions (WoS), and we had live games and competitions with trophies!\nThat leads me to the WoS, which is a gigantic venue where you find hundreds of booths for partners \/ vendors of all sorts as well as Cisco itself right alongside of some fun little activity areas \u2013 like giant sized Connect4, Chess, Checkers and Battleship games, even putting greens for those golfers out there.\nIn the WoS, you can wander around from vendor to vendor & learn about their product offerings, see live demonstrations, hear presentations about their specific area of expertise, ask questions to experts, even whiteboard solutions with Cisco TAC, and (of course) pick up a lot of swag.\nUp in the WoS, we even have our very own Threat Wall, where we show the dashboards of our security tools for the live traffic of the conference.\u00a0 You can see the ThreatWall proving the point I made at the TTRS, where the majority of traffic is encrypted nowadays.\u00a0\n Aaron Woland\n\nThe "Threat Wall" showing security dashboards for the live traffic at CiscoLive.\n\n\nMonday finally closed with a customer dinner where we in the Cisco Security Business Group (SBG) took a bunch of customers out to a nice dinner.\u00a0 I myself was sitting next to and across from three customers that I may never have met face-to-face without the dinner.\u00a0 It was absolutely fantastic to hear their point of view as a smaller shop with just a few guys having to manage many of our advanced threat solutions day in & day out, what they struggle with and what they want to accomplish.\u00a0\nAs a side note: I am currently in the planning stages of a trip to go out and meet with them onsite to see their operation first hand and help them with their solution designs.\nTuesday \u2013 Keynotes, sessions, MTE\u2019s & the droids we WERE looking for\nI unfortunately don\u2019t get the opportunity to see the keynote sessions, because my schedule is so packed when I\u2019m at CiscoLive.\u00a0 So, for me Tuesday began with three more MTE\u2019s, during which my phone blew up with people notifying me that my name and picture was displayed up on the big screen at Chuck Robins\u2019 opening keynote, being honored for being in the ranks of the Hall of Fame Elite for speakers. That was really cool, and I wish I could have seen it in person.\nAfter those MTE\u2019s and some prep-time, I presented at one of Tuesday\u2019s last sessions with a 4-6pm ranting to a sold-out crowd of ~500 attendees in my \u201ctherapy session\u201d: Advanced Security Integrations, Tips & Tricks. \u00a0In this session I get to clarify years of misunderstood Cisco marketing around \u201cRapid Threat Containment\u201d & \u201cThreat Centric NAC\u201d and explain real world uses of the integrations, as well as tricks on working with it all for automating the incident response orchestration. Also, I explain that Quarantine means \u201cnothing\u201d unless you configure it to do something; and I explain that concept in a nice, calm demeanor :)\nTuesday Night proved to have too many options to choose from.\u00a0 There were vendors hosting parties for select attendees, there were dinners that Cisco account teams were hosting, a Cisco Press author dinner, Cisco DevNet party and more. I selected to attend the CCIE Party, where all active (or emeritus) CCIE\u2019s and a guest are invited to an exclusive celebration.\u00a0 This year\u2019s CCIE party was held at an exclusive LucasFilm approved StarWars venue in a hidden area of Disney\u2019s Epcot center, so I elected to bring my beautiful wife with me to this exclusive geek fest.\n Aaron Woland\n\nMe & my better half at the CCIE party avoiding the Storm Troopers.\n\n\nWednesday \u2013 Whispers, sessions and beer\nWednesday morning was started with what\u2019s known as a \u201cWhisper Suite\u201d where customers can reserve time with Cisco executives in a private room to have very private NDA discussions. In this session I got to speak candidly about current capabilities and roadmaps to a group of engineers and managers from an unnamed customer regarding Cisco\u2019s Advanced Malware Protection (AMP), Threat Grid, and Cisco Visibility \u2013 while TK Keanini, Distinguished Engineer and product line CTO, spoke about Encrypted Traffic Analytics and Stealthwatch. The session was eye opening for both parties. The customer got to learn about what our current capabilities are and where we are headed, while we got to learn all about their challenges.\nWednesday afternoon continued with me presenting to a standing-room-only crowd for my endpoint security session \u201cEndpoint Security, Your Last Line of Defense\u201d.\u00a0 In this session I review a general strategy for securing all endpoints, and then I dive deeper into some technologies like Cisco Security Connector (CSC) for iOS, AnyConnect NVM itself as well as using NVM with Stealthwatch, Splunk & IBM QRadar.\u00a0 I also dive into newer AMP for Endpoints features and protections like the Exploit Prevention (ExPrev) and Malicious Activity Protection (MAP) features that have been added to AMP recently.\nMy last session on Wednesday was something brand new for Cisco Live this year: \u201cBeers with Engineers\u201d.\u00a0 This is an open event where we setup tables for different security topics & have an open bar for beer.\u00a0 Attendees come to this event, grab a beer or two, and sit down at the table that most interests them.\u00a0\nI was honored to again be with an idol of mine, TK Keanini.\u00a0 TK is not only a Distinguished Engineer in the Advanced Threat organization, he\u2019s also the former CTO of NCircle (acquired by TripWire) and former CTO of Lancope (acquired by Cisco). \u00a0Our table topic was \u201cSecurity Analytics & Advanced Threats\u201d, and the attendees could talk to us about anything.\u00a0 We even went off topic and talked about Cisco\u2019s Identity Services Engine (ISE) for a bit, too, even though there was a separate area for ISE hosted by Craig Hyps that you can see with the white couches in the picture.\n Aaron Woland\n\nBeers with engineers.\n\n\nAn \u201camusing\u201d way to appreciate customers\nWednesday finished up the conference for me with Cisco\u2019s \u201ccustomer appreciation night\u201d. For those who aren\u2019t aware, Cisco\u2019s customer appreciation events are legendary!\u00a0 In the past Cisco had private performances by Aerosmith, Maroon5, Imagine Dragons, Lenny Kravitz, Elle King, and others.\u00a0 My very first \u201cNetworkers\u201d was in Orlando in the 1990\u2019s.\u00a0 That year Cisco reserved the entire Universal Studios park just for Cisco\u2019s attendees, speakers, booth workers and some guests.\u00a0\nThis year CiscoLive was back in Orlando & Cisco didn\u2019t disappoint!\u00a0 They repeated their past awesomeness & we had a private takeover of Universal Studios again, and it was fantastic!\nImagine 30,000+ geeks and their guests running around Universal Studios with funny not-so-little hats, without the rest of the general public while 5 different bands played around the property and the food venues were open & free.\u00a0 Yes, it is as awesome as you are imagining, and more. Even in a crowd of that size, you still run into lots of old friends and customers that you don\u2019t get to see all the time.\u00a0 In my case, even my old neighbor!\nWhat if you couldn\u2019t come in person?\nAll of our sessions are recorded with video, and the sessions all get published to https:\/\/www.ciscolive.com where you can watch them on-demand, even if you never attended a CiscoLive before. It\u2019s free and open to everyone. \u00a0Just go there and create yourself an account.\nClosing sentiments\nTo close this blog entry out, CiscoLive is a LOT of work for so many of us, and it is a real time commitment for the attendee, but it is rewarding for us all. I hope if you read this, you got a glimpse of the life of a CiscoLive speaker, the amount of work we put into this, but also just how hard we play too.\nIt\u2019s a great event to learn a tremendous amount about a wide range of technology, to meet with vendors of your favorite solutions, to meet with vendors of products that you never knew existed, but also to get straight answers directly from the engineers who build the technology you work with every day. Most of all, it\u2019s like a fun family reunion.\nFor me, I cannot stress enough how great it is to get to work with so many of you in such a short time frame; getting so many points of view & hearing your experiences.\nHere\u2019s hoping that I see you at one of the next CiscoLive events.