BROWNFIELD AGENTIC SOC

Modernize Without Replacing

After more than twenty years at IBM — including roles as Regional Technical Leader for Security Technologies and Tivoli Software across Central and Eastern Europe — I have seen many SOC modernization projects. Organizations consistently face the same dilemma: substantial existing investments in SIEM, SOAR, processes, and human expertise versus the urgent need to keep pace with AI-powered threats.

Most vendors pushed rip-and-replace cloud solutions. I took a different path.

The Brownfield Agentic SOC concept was born from the realization that modernization does not require replacement. It is possible — and often far more effective — to intelligently augment existing infrastructure with multi-level AI agents, dynamic business context, structured investigation, and strong governance, while preserving data sovereignty and human judgment.

This book is intentionally practical and conceptual. Certain advanced techniques (self-healing patterns, zero-visible-downtime adaptation, tamper-evident intelligent audit) are subject to pending patent protection and are presented here at architectural level only.

I wrote this book for three audiences:

  • CISOs and SOC leaders in regulated industries seeking realistic modernization
  • Security architects responsible for next-generation operations
  • Teams that prioritize sovereignty, compliance, and human-AI collaboration

My goal is to provide a clear, actionable blueprint that respects real-world constraints while delivering measurable improvement.

I hope this book inspires and equips you to build more resilient, intelligent, and sovereign Security Operations Centers.

Zsolt L. Kocsis, M.Sc., MBA
Associate Professor honoris causa, Budapest University of Technology and Economics (BME)
May 2026


About the Book

In 2025–2026, AI-powered adversaries operate at machine speed while traditional Security Operations Centers struggle with massive alert volumes, false-positive rates above 90 %, lack of real-time business context, and analyst burnout. Most organizations have already made substantial investments in SIEM and SOAR platforms — investments they cannot afford to discard. Strict regulatory requirements and data sovereignty concerns make “rip-and-replace” projects unacceptable. 

Brownfield Agentic SOC offers the smarter path. 

This book delivers a complete, high-level blueprint for evolving your existing SOC into a next-generation, intelligent, and sovereign security operations capability — without replacing what already works. Discover how to:

  • Dramatically reduce false positives with real-time Dynamic Business Context Integration (AOC)
  • Build true human-AI partnership through a multi-level agent hierarchy
  • Enable structured, hypothesis-driven investigations using the Diamond Model
  • Implement tamper-evident audit, closed-loop governance, and continuous self-learning

About the Author

Zsolt L. Kocsis

Zsolt L. Kocsis, M.Sc., MBA, Associate Professor honoris causa at Budapest University of Technology and Economics (BME)

Zsolt L. Kocsis is a seasoned cybersecurity leader with over 15 years of experience in security technology, SOC design, and large-scale security transformation projects. During his tenure at IBM as Regional Technical Leader for Security Technologies, he supported numerous enterprise clients across Central and Eastern Europe in building and modernizing their Security Operations Centers.

His expertise spans SIEM and SOAR platform implementation, threat detection strategy development, incident response process optimization, and the integration of emerging technologies into operational security environments. Zsolt has led multiple complex SOC modernization initiatives, helping organizations transition from reactive, alert-heavy operations to more intelligent, business-aligned security capabilities.

He holds an M.Sc. in Computer Science and an MBA degree. In recognition of his contributions to cybersecurity education and research, he was awarded the title of Associate Professor honoris causa at the Budapest University of Technology and Economics (BME).

Zsolt is passionate about bridging the gap between advanced technology and practical, human-centered security operations. Through this book, he shares the lessons learned from real-world projects and presents a comprehensive blueprint for building the next generation of intelligent Security Operations Centers — one that modernizes existing infrastructure while preserving human expertise and data sovereignty.

Table of Contents

Brownfield Agentic SOC
Executive Summary
Preface
About the Author

Chapter 1 The Crisis of Traditional Security Operations
  • 1.1 The Limitations of Legacy SOC Architectures
  • 1.2 The 2025-2026 Cyber Attack Landscape: The AI Arms Race
  • 1.3 Why Traditional SOCs Are No Longer Enough
  • 1.4 The Vision of the Agentic SOC

Chapter 2 Understanding the Evolution and Limitations of Traditional SOCs
  • 2.1 The Traditional SOC Model – A Historical Perspective
  • 2.2 Why the Traditional Model Is Breaking Down
  • 2.3 The Need for a New Paradigm
  • 2.4 From Reactive to Agentic

Chapter 3 Evolution from Traditional SIEM/SOAR SOC to Agentic SOC

Chapter 4 Core Building Blocks of the Agentic SOC
  • 4.1 The Four Pillars of the Agentic SOC
  • 4.2 Brownfield Design Philosophy
  • 4.3 Integration with Existing Technologies
  • 4.4 The Critical Role of the Test & Adversary Simulation Layer
  • 4.5 Transition from Traditional to Agentic Operations
  • 4.6 Looking Ahead

Chapter 5 Use Cases and Detection Strategies
  • 5.1 What Makes a Use Case Effective?
  • 5.2 Use Case Development Lifecycle
  • 5.3 Practical Use Case Examples
  • 5.4 Maintaining and Evolving the Use Case Library
  • 5.5 How Use Cases Operate in the Agentic SOC
  • 5.6 From Static Rules to Intelligent, Context-Aware Detection
  • 5.7 Getting Started with Use Cases

Chapter 6 Agent Architecture and Collaboration
  • 6.1 The Agent Hierarchy
  • 6.2 Human-AI Collaboration Model
  • 6.3 Closed-Loop Self-Learning
  • 6.4 Practical Implications for SOC Teams

Chapter 7 SOAR as Central Orchestrator
  • 7.1 The New Role of SOAR
  • 7.2 Orchestration Patterns
  • 7.3 Integration with the Agent Hierarchy and Human Oversight
  • 7.4 Governance and Practical Implications
  • 7.5 Practical Implications for SOC Operations

Chapter 8 Dynamic Business Context Integration: Concept, Risk Scoring and Practical Implementation
  • 8.1 What is Dynamic Business Context Integration?
  • 8.2 How Dynamic Business Context Integration Works
  • 8.3 Benefits and Measurable Impact
  • 8.4 Practical Implementation Considerations
  • 8.5 Strategic Importance

Chapter 9 Structured Investigation Using the Diamond Model in Modern Security Operations
  • 9.1 The Diamond Model – A Foundation for Structured Investigation
  • 9.2 The Role of Dedicated Investigation Capabilities
  • 9.3 Integration with Business Context
  • 9.4 Practical Benefits
  • 9.5 From Reactive to Proactive Investigation

Chapter 10 Dual Portal System Architecture
  • 10.1 The Two Portals
  • 10.2 Key Design Principles of the Dual Portal System
  • 10.3 Benefits of the Dual Portal Approach
  • 10.4 Implementation Considerations

Chapter 11 Audit, Governance and Self-Learning in the Agentic SOC
  • 11.1 The Governance Imperative in Agentic Environments
  • 11.2 Architecture of the Tamper-Evident Protected Audit Repository
  • 11.3 Structured Decision Recording and Explainability
  • 11.4 Closed-Loop Continuous Improvement
  • 11.5 Seamless Integration with the Four Pillars
  • 11.6 Compliance and Regulatory Advantages
  • 11.7 Strategic Importance: From Logging to Intelligent Governance

Chapter 12 On-Premise Implementation Architecture
  • 12.1 The Three-Layer Implementation Architecture
  • 12.2 Key Design Principles
  • 12.3 Security Boundaries and Log Flow
  • 12.4 Implementation Roadmap
  • Chapter 12.5 LLM Operational Challenges in Production Agentic SOC Environments
  • 12.6 Conclusion and Forward Path

Chapter 13 SOC Maturity Model and Transition Roadmap
  • 13.1 Why We Need Both Models: Generations vs. Maturity Levels
  • 13.2 The Agentic SOC Maturity Model
  • 13.3 Mapping Maturity Levels to Architecture and Generations

Chapter 14 Educational and Research Applications of the Agentic SOC
  • 14.1 Educational Use Cases
  • 14.2 Research Opportunities
  • 14.3 Capture The Flag (CTF) and Cyber Range Competitions
  • 14.4 Integration into Academic Curricula

Chapter 15 Vision of a Mature Intelligent SOC
  • 15.1 Characteristics of a Level 5 Mature Agentic SOC
  • 15.2 The Evolved Role of the Human Analyst
  • 15.3 Benefits Realized at Maturity
  • 15.4 The Journey Matters More Than the Destination
  • 15.5 Final Thought

Appendices
  • Appendix A Use Case Catalog
  • Appendix B List of Figures
  • Appendix C Glossary
  • Appendix D References
  • Appendix E Demonstrative Scenarios: Analysis of the Same Incident from Different Perspectives
