SCHEDULE

Behind the Scenes at Cisco Security PvT 2025

Home » Blog » Behind the Scenes at Cisco Security PvT 2025
Iztok Umek Instructor
17 December 2025

In November 2025, I had the chance to attend the winter edition of the Cisco Security PVT meeting in Amsterdam, in person. It was an intense few days of briefings, demos, and hallway conversations, and this blog captures a few of the ideas that stayed with me the most afterward.

Cisco Security PvT in November 2025

Artificial intelligence (AI) has officially moved from “interesting side project” to “main character,” and nowhere was that clearer than at the Cisco Security PvT in Amsterdam this November. I am new to the Cisco world, coming in through a Cisco partner that builds education for Cisco technologies, but I have spent decades in information security on both the consulting and training sides.

The Security PVT was the first time those perspectives really converged for me: strong product vision on stage, and in the back of my mind the constant question, “How do we turn this into learning that actually helps people do their jobs?”

A clear pattern ran through the event. AI, identity, and cloud-native architectures are reshaping security faster than most organizations can reorganize their teams. Hybrid mesh firewalls, Universal Zero Trust Network Access (UZTNA), Cisco Secure Access, Cisco Identity Services Engine (ISE), Cisco Duo Identity and Access Management (Duo IAM), Isovalent, AppOmni, and Cisco AI Defense all fit into one story: the traditional perimeter is gone, identity is the anchor, and enforcement has to be distributed but coordinated.

From big metal box to “firewalling everywhere”

One of my first “update your mental model” moments came in the Hybrid Mesh Firewall session. The familiar picture of a single big firewall at the edge suddenly felt very old.

The new picture is “firewalling everywhere,” and this time it feels very real. Physical and virtual firewalls, cloud gateways, software defined wide area network (SD WAN), smart switches, and enforcement in the operating system all take policy from Cisco Security Cloud Control. You express intent once, for example “this group of users, these applications, under these conditions,” and Security Group Tags (SGT) carry that intent from campus to branch to cloud.

As someone who teaches for a living, that changes the narrative. It is no longer enough to show how to add rules. We need to show how to describe business intent in policy and then follow where it is enforced across the environment.

The user edge grows up

Universal Zero Trust Network Access (UZTNA) and Cisco Secure Access provided another big moment of clarity. UZTNA treats zero trust as the default for everyone, not just remote users. One client handles remote access virtual private network (RA VPN), posture checks, ZTNA, Domain Name System (DNS) security, and digital experience monitoring, wherever the user is.

Cisco Secure Access sits in the cloud as the security edge. It combines secure web gateway (SWG), cloud access security broker (CASB), firewall as a service (FWaaS), and ZTNA. The Agentic Operations (Agentic Ops) features that highlight capacity risks, messy policies, and missed best practices felt very practical. Those are exactly the kinds of signals we should build into labs so learners do not just configure features, they learn how to read what the platform is telling them.

News

NIL Learning Named Cisco Learning Partner of the Year for EMEA South Theatre at Cisco Partner Summit 2025

6 November 2025
We are proud to announce that NIL Learning has been recognized as the Cisco Learning Partner of the Year for EMEA South Theatre at the […]
Read more

Identity takes center stage

If the Cisco Security PVT had a main character, it was identity.

Cisco Identity Services Engine (ISE) kept appearing as the context engine: profiling devices, assigning SGTs, and sharing that information with firewalls, SD WAN, and Secure Access. Cisco Duo Identity and Access Management (Duo IAM) moved clearly into full identity and access management with password-less, proximity aware logins, Duo as directory and identity broker, and identity verification for sensitive actions.

Cisco Identity Intelligence then adds a dynamic trust layer. Accounts, whether human or not, gain or lose trust based on behavior and posture. That is rich material for education, from risk-based access to identity driven policies and how identity signals feed into Secure Access and Cisco XDR.

Side doors, SaaS, runtime, and AI

Another recurring message was that attackers are not just hammering the front door anymore. They use side paths: misconfigured software as a service (SaaS), over trusted integrations, and AI tools that appeared without a proper risk review.

Isovalent runtime security demos made Kubernetes and Linux feel less opaque by showing how process behavior can be observed and blocked without touching application code. AppOmni and its SaaS Security Posture Management (SSPM) story mapped very well to real challenges: large SaaS estates, shadow integrations, and OAuth grants nobody has revisited in years.

On top of this, Cisco AI Defense framed AI security in concrete steps: discovering AI assets, checking AI supply chains, stress testing models, and enforcing guardrails on prompts and responses.

Looking ahead

Amsterdam in November 2025

Walking out into the cold Amsterdam air after the last session, I had that familiar mix of “brain full” and “time to get to work.” Full, because there is a lot to absorb. Motivated, because the direction is clear: identity centric, AI aware, cloud native, and much more integrated than the fragmented stacks many of us started with.

As a relatively new Cisco-side educator with a long background in security, the Cisco Security PvT crystallized the next phase of the job for me. Our task now is to turn this “firewalling everywhere,” identity-first, AI-aware architecture into understandable, hands-on learning paths that help real teams keep up and use it. That is a challenge I am genuinely excited to take on.