Hey there! 👋
I'm Nicholas Pecka
I work in cybersecurity — building defenses, tuning detection systems, and helping organizations make sense of threats before they become incidents.
Most of my career has been spent in areas like SIEM engineering, vulnerability management, and cloud security operations. Outside of work, I'm also a PhD researcher focused on improving how we do threat modeling. The current process is overly manual, and I'm exploring ways to automate and evolve it — though I'll save the deeper details for after publication.
PeckaCyber is my corner of the internet to write about what I'm learning, building, and thinking through. Expect posts on security operations, automation, home lab experiments, and observations from working in the industry.
I'm not here to sell fear or pretend there's one perfect tool. I'm here to talk through what actually works, what doesn't, and where we go from here.
If that sounds like your kind of thing, I hope you'll stick around!
What You'll Find Here
Research
Updates from my PhD work on threat modeling, published papers, conference presentations, and deep dives into security research topics.
Browse Research →Homelab & Small Business Guides
Practical, step-by-step guides for implementing security tools and practices in resource-constrained environments. From getting started to advanced deployments.
Browse Guides →Courses
Structured learning paths covering cybersecurity fundamentals, network security, threat analysis, and practical implementations for homelabs and small businesses.
Browse Courses →A Bit More About Me
Professional Background: I've spent years working across different areas of cybersecurity — from building and maintaining SIEM platforms to managing vulnerability programs and securing cloud infrastructure. My focus has always been on practical security: what actually works in the real world, not just what looks good on paper.
Academic Research: As a PhD researcher, I'm investigating ways to improve threat modeling processes. Traditional approaches are too manual and don't scale well for modern systems. I'm exploring automation and better methodologies to make threat modeling more accessible and effective.
The Homelab: I run an extensive homelab where I test security tools, practice implementations, and experiment with different technologies. Many of the guides and courses here come directly from hands-on experience in my lab.
My Approach
I believe in practical, honest security. No FUD (fear, uncertainty, doubt). No claiming one tool solves everything. Just real experiences, what worked, what didn't, and the lessons learned along the way.
Security is about making informed decisions with the resources you have. Whether you're protecting a homelab or a small business, the fundamentals matter more than expensive enterprise solutions.