Experienced Cyber Security Incident Response Lead with 15+ years in ICT, specialising in incident response, infrastructure and security optimization. Strong technical acumen, leadership, and strategic planning skills. Adept at solving complex problems, mentoring teams, and driving innovative solutions with automation, workflows, and strategic planning.
Hi, I’m
Robert Rockstroh
Cyber Security Incident Response Team Lead
Cranebrook,NSW
Summary
Overview
19
years of professional experience
Work History
Tyro Payments
Cyber Security Incident Detection & Response Lead
03.2024 - Current
Job overview
- Audit Preparation
- Monthly Metrics
- Staff managerial activities & enablement
- Monitor SIEM dashboards & analyse cyber threats across endpoint, server, and cloud
- Conduct Cyber Threat Intelligence (CTI) and hunting using OSINT & closed-source feeds.
- Develop playbooks & oversee use case development.
- Collaborate with industry counterparts.
- Leadership & Mentoring
Qantas
Cyber Incident Responder & Threat Intel Manager
01.2020 - 03.2024
Job overview
- Monitor SIEM dashboards & analyse cyber threats across endpoint, server, and cloud.
- Conduct Cyber Threat Intelligence (CTI) and hunting using OSINT & closed-source feeds
- Develop playbooks & oversee use case development.
Verizon
Senior CSIRT Consultant
06.2019 - 12.2019
Job overview
- Provided high-level CSIRT consultancy for enterprise clients.
- Implemented continuous improvement strategies for security operations.
- Mentored junior staff
- Provided cyber security advisory for internal stakeholders
Commonwealth Bank
CSIRT Analyst
11.2016 - 06.2019
Job overview
- Company Overview: (10+ years with CBA)
- Conducted SIEM investigations & tuned detection rules
- Performed forensic memory & disk analysis for malware investigations.
- Developed & optimized automated threat detection use cases
- Engaged in high-priority incident response with business stakeholders.
Commonwealth Bank of Australia
Cyber Security Centre Analyst
12.2015 - 11.2016
Job overview
- Triaged security alerts & escalated incidents to response teams
- Investigated IDS alerts & phishing attempts.
- Managed vendor relationships & security tool maintenance
Commonwealth Bank of Australia
Security Analyst
12.2010 - 12.2015
Job overview
- Managed web proxy & email security governance
- Conducted log analysis for security improvements.
- Led security change management initiatives.
Commonwealth Bank of Australia
Service Desk Analyst
09.2008 - 12.2010
Job overview
- Provided Level 1 & 2 technical support for internal business units.
- Managed multiple incident queues & met strict KPIs.
Telstra Bigpond
Service Desk Analyst
01.2007 - 09.2008
Job overview
- Provided technical support for internet connectivity issues.
- Trained & mentored new employees.
Education
SANS
GIAC Certified Incident Handler (GCIH) from Cyber Security
01-2020
University Overview
SANS
GIAC Certified Forensic Analyst (GCFA) from Cyber Security
12-2018
University Overview
TAFE NSW
GED
12-1999
University Overview
SANS
Studying: GIAC Cloud Threat Detection (GCTD) from Cyber Security
University Overview
Skills
- Incident Response
- DFIR
- Cyber Threat Intelligence
- SIEM (Splunk, Exabeam, SentinelOne)
- Threat hunting
- EDR (Crowdstrike, FireEye HX)
- Firewalls (Palo Alto, Cisco ASA)
- IDS/IPS
- Proxies (Bluecoat, Cisco Umbrella, Skyhigh)
- Email security (Ironport, Proofpoint, Defender)
- MITRE ATT&CK framework application
- Use case development
- Stakeholder management
- Playbook development
- Cyber security strategy
- Vendor relationship management
- AI tools (ChatGPT, Gemini, Co-pilot)
- Malware analysis
- Vulnerability Management
- Reporting and documentation
Projects & Leadership
Projects & Leadership
Phishing Investigation Automation
Designed and deployed logic to automate phishing triage using Proofpoint TAP/TRAP results and ChatGPT, built logic to assess inbox dwell time, and detect whether malicious emails had been contained before user interaction. Reduced manual investigation time and improved mean times.
Vulnerability management enrichment app
Built a Python-based app using ChatGPT to assess CVE exploitability and applicability based on CVSS data, environment context, and threat landscape Improved patch prioritization for security and infrastructure teams
AI-Powered CVE Analysis
Developed a second Python tool to query OpenAI and summarize CVEs with contextual relevance to internal assets, enabling the team to understand obscure vulnerabilities and prioritize patching with confidence
Business Support via Power Automate
Created a Microsoft Power Automate workflow to manage gift register submissions, freeing up compliance staff from manual processes Demonstrated proactive support of business functions outside cyber remit as part of Lean In objectives.
Leadership in Agile & Collaboration Tools
Regularly use Jira and Confluence to document security playbooks, manage sprints, and drive continuous improvement Established transparent and efficient collaboration processes with stakeholders across IT and business units.
Audit Preparation & Evidence Management (ISO 27001, RCSA, CIS)
Proven experience in preparing for and supporting audits across incident management, detection & response, and SIEM log ingestion. Skilled in building audit-ready evidence packs, documenting processes, and maintaining clear traceability of controls to reduce rework in future audits.
Timeline
Cyber Security Incident Detection & Response Lead
Tyro Payments
03.2024 - Current
Cyber Incident Responder & Threat Intel Manager
Qantas
01.2020 - 03.2024
Senior CSIRT Consultant
Verizon
06.2019 - 12.2019
CSIRT Analyst
Commonwealth Bank
11.2016 - 06.2019
Cyber Security Centre Analyst
Commonwealth Bank of Australia
12.2015 - 11.2016
Security Analyst
Commonwealth Bank of Australia
12.2010 - 12.2015
Service Desk Analyst
Commonwealth Bank of Australia
09.2008 - 12.2010
Service Desk Analyst
Telstra Bigpond
01.2007 - 09.2008
SANS
GIAC Certified Incident Handler (GCIH) from Cyber Security
SANS
GIAC Certified Forensic Analyst (GCFA) from Cyber Security
TAFE NSW
GED
SANS
Studying: GIAC Cloud Threat Detection (GCTD) from Cyber Security