Robert Rockstroh

Cyber Security Incident Response Team Lead
Cranebrook, NSW

Summary

Experienced Cyber Security Incident Response Lead with 15+ years in ICT, specialising in incident response, infrastructure and security optimization. Strong technical acumen, leadership, and strategic planning skills. Adept at solving complex problems, mentoring teams, and driving innovative solutions with automation, workflows, and strategic planning.

Overview

19 years of professional experience

Work History

Tyro Payments

Cyber Security Incident Detection & Response Lead
03.2024 - Current

Job overview

  • Audit preparation.
  • Monthly metrics.
  • Staff managerial activities and enablement.
  • Monitor SIEM dashboards and analyse cyber threats across endpoint, server, and cloud.
  • Conduct Cyber Threat Intelligence (CTI) and hunting using OSINT and closed-source feeds.
  • Develop playbooks and oversee use case development.
  • Collaborate with industry counterparts.
  • Leadership and mentoring.

Qantas

Cyber Incident Responder & Threat Intel Manager
01.2020 - 03.2024

Job overview

  • Monitor SIEM dashboards and analyse cyber threats across endpoint, server, and cloud.
  • Conduct Cyber Threat Intelligence (CTI) and hunting using OSINT and closed-source feeds.
  • Develop playbooks and oversee use case development.

Verizon

Senior CSIRT Consultant
06.2019 - 12.2019

Job overview

  • Provided high-level CSIRT consultancy for enterprise clients.
  • Implemented continuous improvement strategies for security operations.
  • Mentored junior staff.
  • Provided cyber security advisory for internal stakeholders.

Commonwealth Bank

CSIRT Analyst
11.2016 - 06.2019

Job overview

  • Company overview: 10+ years with CBA.
  • Conducted SIEM investigations and tuned detection rules.
  • Performed forensic memory and disk analysis for malware investigations.
  • Developed and optimized automated threat detection use cases.
  • Engaged in high-priority incident response with business stakeholders.

Commonwealth Bank of Australia

Cyber Security Centre Analyst
12.2015 - 11.2016

Job overview

  • Triaged security alerts and escalated incidents to response teams.
  • Investigated IDS alerts and phishing attempts.
  • Managed vendor relationships and security tool maintenance.

Commonwealth Bank of Australia

Security Analyst
12.2010 - 12.2015

Job overview

  • Managed web proxy and email security governance.
  • Conducted log analysis for security improvements.
  • Led security change management initiatives.

Commonwealth Bank of Australia

Service Desk Analyst
09.2008 - 12.2010

Job overview

  • Provided Level 1 and 2 technical support for internal business units.
  • Managed multiple incident queues and met strict KPIs.

Telstra Bigpond

Service Desk Analyst
01.2007 - 09.2008

Job overview

  • Provided technical support for internet connectivity issues.
  • Trained and mentored new employees.

Education

SANS

GIAC Certified Incident Handler (GCIH), Cyber Security
01-2020

SANS

GIAC Certified Forensic Analyst (GCFA), Cyber Security
12-2018

TAFE NSW

GED
12-1999

SANS

Studying: GIAC Cloud Threat Detection (GCTD), Cyber Security

Skills

  • Incident Response
  • DFIR
  • Cyber Threat Intelligence
  • SIEM (Splunk, Exabeam, SentinelOne)
  • Threat hunting
  • EDR (Crowdstrike, FireEye HX)
  • Firewalls (Palo Alto, Cisco ASA)
  • IDS/IPS
  • Proxies (Bluecoat, Cisco Umbrella, Skyhigh)
  • Email security (Ironport, Proofpoint, Defender)
  • MITRE ATT&CK framework application
  • Use case development
  • Stakeholder management
  • Playbook development
  • Cyber security strategy
  • Vendor relationship management
  • AI tools (ChatGPT, Gemini, Co-pilot)
  • Malware analysis
  • Vulnerability Management
  • Reporting and documentation

Projects & Leadership

Phishing Investigation Automation

Designed and deployed logic to automate phishing triage using Proofpoint TAP/TRAP results and ChatGPT, including logic to assess inbox dwell time and to detect whether malicious emails had been contained before any user interaction. Reduced manual investigation time and improved mean times.

Vulnerability management enrichment app

Built a Python-based app using ChatGPT to assess CVE exploitability and applicability based on CVSS data, environment context, and the threat landscape. Improved patch prioritization for security and infrastructure teams.

AI-Powered CVE Analysis

Developed a second Python tool to query OpenAI and summarize CVEs with contextual relevance to internal assets, enabling the team to understand obscure vulnerabilities and prioritize patching with confidence.

Business Support via Power Automate

Created a Microsoft Power Automate workflow to manage gift register submissions, freeing compliance staff from manual processes. Demonstrated proactive support of business functions outside the cyber remit as part of Lean In objectives.

Leadership in Agile & Collaboration Tools

Regularly use Jira and Confluence to document security playbooks, manage sprints, and drive continuous improvement. Established transparent and efficient collaboration processes with stakeholders across IT and business units.

Audit Preparation & Evidence Management (ISO 27001, RCSA, CIS)

Proven experience in preparing for and supporting audits across incident management, detection and response, and SIEM log ingestion. Skilled in building audit-ready evidence packs, documenting processes, and maintaining clear traceability of controls to reduce rework in future audits.
