Get to know the Elastic Community series: Meet Nicholas Penning
Nicholas Penning has been in the tech industry for about 20 years. Half of this time has been in cybersecurity. He is originally from the state of Wyoming, where he got his foundation in computers from countless hours of building computers and networks and cleaning up infected computer systems. Nicholas continued his education at Dakota State University in South Dakota, where he was able to learn about cybersecurity.
When did you first embrace Elastic as a technology?
Around 2018, I started exploring the ELK Stack and became very familiar with the ability to ingest and search large volumes of data. The open-source nature of the product was very appealing and made it very easy to get started with the platform.
What is the most memorable moment in your career?
The most memorable moment was being able to wield Elastic® as an open platform that allowed me and my team to fully automate a process that once took 20 hours a month between 2–3 staff. This was not only a huge time saver, but as an added benefit we could now visualize and search on the data for threats in a new capacity.
What do you believe are good opportunities for the cybersecurity field to leverage from generative AI? Any use case you'd like to share?
I believe one good use case for generative AI in the cybersecurity field would be the streamlining of reports. For example, imagine an incident response team has engaged with an adversary and performed all of the steps to successfully mitigate a threat leveraging a search and case management platform that contains all of the data pertaining to an incident. Using generative AI, I could see the opportunity to generate a report that would consist of the entire timeline of events that occurred during the incident, what actions were taken, metrics/KPIs, diagrams, and even some good hot wash questions that should be considered to improve the incident handling or detect and prevent similar threats in the future.
Have you spoken at any meetup groups or conferences? If so, how did you like it?
Yes. I have spoken at a virtual ElasticON and a meetup or two. They are great opportunities to network with others in the field, and it’s always a great time to share knowledge and experiences.
What are your favorite things about the Elastic community?
My favorite things about the Elastic community are how involved Elastic employees are and the variety of organizations (small to large) that are always willing to jump in to solve a problem or answer a question. This ranges from understanding features and functionality of the stack to gathering feedback from many of the real-world users out there on emergent or significant issues that can be communicated to Elastic to resolve. The ability to ask a question to such a large and diverse audience has proven to add value to the Elastic product stack. The last thing to mention is that the community is very open to using an instant messaging platform to get great discussions going between beginners and experts of the stack.
What would you recommend for folks who want to start their career in cybersecurity?
I would recommend that anyone getting into cybersecurity should understand the importance of logging computer systems and networks for the purpose of identifying threats. Traditionally this is called a security information and event management system (SIEM), and in my opinion, it is one of the most significant tools in a cybersecurity analyst’s toolkit to be effective in thwarting cyber threats.
Once the concept of SIEM is understood, I would then recommend learning how to script (using Python or PowerShell), how to use regular expressions (regex), and how application programming interfaces (APIs) work. The combination of scripting, regex, and APIs will allow you to build just about anything as a cybersecurity analyst to understand and automate tools that will be a force multiplier for security operations-centered careers. The Elastic Stack will assist with all of these recommendations as it has open APIs and highly versatile enrich capabilities to use regex to break your data down to even more useful capacities.
Any final thoughts you'd like to share?
The world needs more cybersecurity professionals. It's an exciting career and there are many disciplines, so don't think you need to focus on just one or have to know them all. Lastly, join the cybersecurity communities out there to get more involved by helping or learning from others. Cybersecurity-focused communities are something I wish were more prevalent and open 10 years ago when I started, so take advantage of them!
(Note: All of these opinions and views are my own and are not intended to reflect those of my employers.)