-
My Approach to Agentic AI Implementation
My account of building an agentic SOC from scratch. What the calibration-run sprint revealed and how those findings carried into Sprint 2.
-
Why DNS Alerts are the first scenario
DNS lookups are often the first observable network artifact of a compromise and one of the noisiest alert types in a SOC queue. Here's why I started there.
-
The Escalation Chain: How TORA and VERA Hand Off a Case
TORA triages. VERA investigates. The handoff between them is not a queue — it is a structured contract. This is the architecture of the escalation chain and why every field in it is intentional.
-
Phase 1: Why Context, Auditability, and Synthetic Inputs
Why Phase 1 starts with synthetic inputs, why every TORA and VERA decision carries a full reasoning trace, and why context is the variable that determines whether an AI agent is useful or dangerous in a SOC.
-
How the Escalation Chain Works
A closer look at how TORA, VERA, and NOVA are structured — how alerts move between tiers, what context travels with them, and what NOVA watches from above.
-
Anatomy of an Autonomous SOC
A public research journal on autonomous security operations. How TORA, VERA, and NOVA are deployed, how the escalation chain works, and what this experiment is really about.