Incident responder

Who might be attracted to this role?

People who are strong in analysis and detail, and who excel at problem-solving and operating in high-pressure situations, are ideal for this role. You like to be highly organised, can prioritise efficiently, remain calm under pressure and adapt quickly in evolving situations.

Entry points

  • Digital roles: IT service centres, security analyst, digital forensics, reverse engineering, cyber threat intelligence, IT infrastructure, data science. Security analyst is the main entry point to becoming an incident responder.
  • Non-digital roles: emergency management; security intelligence and law enforcement.

SFIA behaviours

  • Adaptability: adjusts to new threats, controls and circumstances.
  • Communication: understands the impact of communications and provides clear messages, explains technical risks and issues in the context of business impact, collaborates with others to respond effectively.
  • Decision making: quickly assesses information and incidents and determines most effective response.
  • Problem solving: has innate curiosity and the ability to analyse and propose solutions under pressure.

Transition points

Possible next steps include:

  • Security analyst
  • Cyber security researcher
  • GRC Adviser
  • Incident manager
  • Digital forensics
  • Cyber security leader

Proficiency level

Mapping

SFIA professional skills

  • Continuity management COPL
  • Customer service support CSMG
  • Digital forensics DGFS
  • Incident management USUP
  • Information security SCTY
  • Security operations SCAD

Competencies

  • How to assist different teams and stakeholders with incident preparedness and responses including key communication processes.
  • How to support incident response activities.
  • How to manage network security, including how to operate and configure network-based security devices.
  • How to compare the general purpose and reasons for using various security tools and technologies.
  • How to analyse the output results from a vulnerability scan.

70:20:10 examples

70: Suggested experiential learning

  • Support incident handling.
  • Support digital forensic activities.
  • Collaborate with incident response and management, IT problem and change management staff and processes.

20: Suggested professional development

  • Find a mentor.
  • Shadow other practitioners.
  • Join a cyber security professional association and participate in events such as tabletop exercises, capture the flag.

10: Example formal learning

  • Bachelor or postgraduate degree in cyber security or IT
  • Certificate IV, Diploma or Advanced Diploma in cyber security or IT

Others:

  • ITIL Foundations
  • Python
  • SANS SEC408: Forensics basics
  • SANS SEC504: Incident handling
  • Vendor training on SIEM and SOAR tools

Mapping

SFIA professional skills

  • Continuity management COPL
  • Digital forensics DGFS
  • Incident management USUP
  • Information security SCTY
  • Security operations SCAD
  • Stakeholder relationship management RLMT

Competencies

  • How to use appropriate forensic tools to conduct investigations and collect evidence during incident response.
  • How to identify actionable strategies to remediate vulnerabilities or incidents in line with the organisation’s goals and regulatory requirements.
  • How to diagnose breaches and identify effective response strategies.
  • How to contribute to systematic incident recovery and reviews.
  • How to effectively communicate and coordinate with key stakeholders during incident response activities.

70:20:10 examples

70: Suggested experiential learning

  • Application of incident response framework and methodologies
  • Assist with developing and implementing incident response plans
  • Reporting and communicating incidents

20: Suggested professional development

  • Mentor and coach team members and peers.
  • Volunteer at industry events.
  • Develop skills in areas of interest to become a subject matter expert.

10: Example formal learning

  • ATT&CK Training
  • AusCERT Incident response planning
  • CREST CCIM – Certified Incident Manager
  • CISM – Certified Information Security Manager
  • CISSP – Certified Information Systems Security Professional
  • ISSMP – Information Systems Security Management Professional
  • SSCP – Systems Security Certified Practitioner
  • Python
  • SANS SEC508: Advanced Intrusion Forensics
  • SANS SEC560: Network pen testing
  • GCIH – GIAC Certified Incident Handler Certification

Mapping

SFIA professional skills

  • Continuity management COPL
  • Digital forensics DGFS
  • Incident management USUP
  • Information security SCTY
  • Security operations SCAD
  • Stakeholder relationship management RLMT

Competencies

  • How to guide and set the strategic mitigation strategies to prevent future incidents.
  • How to evaluate cyber security incidents to assess risks and dependencies to make informed decisions when leading responses.
  • How to communicate with clarity and technical expertise to non-technical audiences on behalf of their organisation.

70:20:10 examples

70: Suggested experiential learning

  • Quality control analysis
  • Vulnerability management
  • Offensive PowerShell
  • Penetration testing
  • Trends analysis
  • Malware analysis
  • Data/network analysis
  • Information assurance

20: Suggested professional development

  • Make contributions to the industry, e.g. keynotes, board representation, CERT teams.
  • Mentor emerging leaders.

10: Example formal learning

  • CISM – Certified Information Security Manager

Also see related Incident responder role profile.

Career story

Incident responder: Practitioner

Shaileigh, Queensland Government

Note: Shaileigh currently works in cyber threat intelligence but has a strong background in incident response so is featured in this pathway.

Tell me about your career journey up to your current role. How did you get started in your role?

I began my career by completing a Bachelor of Science at the University of Queensland, majoring in Computational Science and Zoology. My initial career interest was in zoology, with the intention of leveraging computational science to model complex ecological systems.

However, my career path shifted during a vacation placement with McGrathNicol, where I worked as an Undergraduate Analyst (Forensic Technology) in the Advisory team. During that time, I was introduced to the fields of data analytics and cyber security. This experience sparked a genuine passion for cyber security, particularly digital forensics and incident response, and inspired me to pursue it as a career.

Following university, I commenced a graduate program in Risk Advisory with a mid-tier accounting firm, starting the day after my final university exam. The role provided a broad exposure to enterprise risk, including data analytics and the development of Information Security Management Systems for clients. It was a valuable introduction to the principles of risk, governance, and cyber security practices in a commercial setting.

Seeking a more hands-on cyber security incident response experience, I transitioned into the Queensland Government’s Digital and ICT Graduate Program, joining the Queensland Police Service's Incident Response team. At the time, I had minimal knowledge of cyber security, but I was fortunate to be supported by a team of patient, knowledgeable professionals who were generous with their time and expertise. Their mentorship was instrumental to my growth, especially a dedicated mentor who continues to provide guidance and has played a key role in my professional development. This role gave me critical insights into incident response from a public sector perspective and an appreciation for the needs of internal organisational stakeholders during cyber incidents.

With a desire for a new challenge, I joined Boeing Defence Australia as an Information Security Adviser within the Global Security Activity team. This role allowed me to apply my incident response skills in a defence industry context and expand into threat intelligence. I helped develop and mature threat intelligence capabilities, creating both technical and written products tailored to executive and operational stakeholders.

I was drawn back to the public sector by the opportunity to contribute to broader, statewide cyber defence initiatives. I started initially as an Incident Response Lead, where I focused on enhancing the organisation’s incident response maturity and responding to threats across Queensland Government. From there, I transitioned into the Cyber Threat Intelligence team, where I currently serve as a Principal Intelligence Analyst. In this role, I focus on producing actionable, high-quality intelligence to inform and guide cyber security operations and risk management activities across the Queensland Government. My goal remains to make a tangible difference by supporting the security and privacy of Queenslanders through informed, proactive cyber defence.

What attracted you to your current role?

I was drawn to this role by the opportunity to make a meaningful impact on the cyber security posture of Queensland’s organisations, and by extension, to help protect the personal data of Queenslanders. My passion for cyber security stems from a broader motivation to help others, especially during high-stress situations such as security incidents.

Working in incident response within my agency allowed me to directly support organisations during times of crisis by applying structured, well-rehearsed response strategies. These practices not only contain and mitigate the effects of incidents more effectively but can also significantly reduce harm to both organisations and the individuals whose data they hold.

Cyber Threat Intelligence (CTI) has become a core area of interest for me. I’m especially drawn to the opportunity CTI offers to proactively identify and contextualise threats. By delivering intelligence that is both written and technical – such as in-depth threat briefings – I can ensure that risk is appropriately understood, prioritised, and addressed.

The ability to use my technical foundation in incident response to enhance cyber threat intelligence capabilities was a key factor in pursuing this role. I strive to answer the critical "so what?" in each piece of intelligence I produce, ensuring relevance and actionability for the diverse stakeholders across government. The blend of threat analysis, stakeholder engagement, and applied technical insight continues to fuel my passion for this role.

What were the key skills and job experiences from your previous career or role that helped you transition to your current role?

Several core skills and experiences from my previous roles laid a strong foundation for my transition into cyber threat intelligence and have been instrumental in my current role as a Principal Intelligence Analyst.

  • Incident response expertise: My hands-on experience in incident response – particularly within government and defence sectors – gave me a deep understanding of how cyber incidents unfold in real-world environments. This includes working under pressure, following structured response procedures, and understanding the urgency and precision required when responding to threats.
  • Knowledge of threat actor TTPs: Throughout my incident response work, I gained insight into threat actor tactics, techniques, and procedures (TTPs). This knowledge now informs my intelligence analysis, allowing me to identify and track threat patterns, assess relevance, and anticipate how threats may evolve.
  • Technical acumen: My practical experience across different technical environments has enabled me to understand a wide range of systems and technologies. This has been essential for contextualising intelligence and producing technical products to support decision making.
  • Business risk and governance understanding: My early career in risk advisory provided valuable exposure to enterprise risk, governance frameworks, and regulatory requirements. This has enabled me to align intelligence outputs with broader organisational risk management objectives and communicate cyber threats in a business-relevant context.
  • Stakeholder communication: Across all my roles, clear and effective communication has been critical. Whether briefing key audiences during an incident, writing intelligence products, or liaising with operational teams, the ability to translate complex technical details into meaningful, actionable insights for a diverse range of recipients has been one of the most transferable skills in my career progression.

Together, these experiences bridged the gap between technical cyber operations and the analytical demands of cyber threat intelligence. They’ve enabled me to approach threats from both a tactical and risk-aware perspective, ensuring that the intelligence produced is not only technically sound but also aligned to organisational needs.

Were there any specific learning and development courses or certifications that were helpful for you to make the switch or enter this role?

For me, the most valuable learning and development came through hands-on, on-the-job experience. Working directly in a queue and performing routine, sometimes repetitive tasks helped build a strong foundation in the basics of cyber security. This practical exposure was crucial in developing my skills and confidence to progress further in the field.

Alongside this, I found structured learning opportunities such as Retrospect Labs’ Ransomware Live Fire Exercise, workshops at cyber security conferences, and participation in various incident response or Capture The Flag (CTF) competitions provided scenarios that enhanced my incident response capabilities.

While these courses and competitions significantly contributed to my development, none alone were the defining factor in making the switch or entering the role. It was the combination of consistent, hands-on experience, continuous learning, and mentorship from experienced colleagues that truly facilitated my transition.

What key behavioural skills are most important for this role profile?

In my experience, several behavioural skills are essential for success in this role, but above all, a genuine passion for cyber security is what drives meaningful impact. This field is constantly evolving, and having an intrinsic motivation to protect systems and people from harm or make a difference is what sustains long-term interest and fuels continuous growth.

  • Communication: Being able to translate complex technical insights into clear, actionable information for a range of stakeholders is essential. Whether it’s briefing executives, collaborating with peers, or supporting operational teams, effective communication ensures intelligence is relevant and usable by both technical and non-technical audiences.
  • Problem solving: Threat intelligence requires piecing together fragmented information, identifying patterns, and assessing risk under uncertainty. Strong analytical thinking and deductive skills are key.
  • An improvement and proactive mindset: The cyber threat landscape never stands still, and neither should we. Being open to feedback, embracing new tools or techniques, and actively seeking opportunities to refine processes are key to staying effective and ahead of emerging threats.
  • Adaptability and lifelong learning: Cyber threats evolve rapidly. Being able to pivot quickly and stay updated with emerging threats, tools, and techniques ensures your methodology remains effective and relevant.

Ultimately, what ties all of these behavioural skills together is the desire to make a real difference – protecting people, data, and systems. That sense of purpose is what drives me and continues to shape my career in this field.

What key professional skills are most important?

In my experience, several professional skills have been essential to my work in cyber security, particularly across incident response, threat intelligence, and risk advisory roles:

  • Threat analysis: The ability to collect, analyse, and contextualise threat information to produce relevant, actionable intelligence that enables decision makers.
  • Incident response: Experience performing structured responses to cyber incidents builds the capacity to operate under pressure, make timely decisions, and conduct effective investigations and recovery efforts.
  • Digital forensics: Experience in digital forensics supports understanding threat activity and informs intelligence assessments.
  • Cyber operations and systems knowledge: A strong grasp of how systems, controls, and monitoring tools function and integrate is crucial for identifying anomalies, interpreting technical data, and supporting defensive measures.
  • Security governance and compliance: Understanding policy, regulatory requirements, and governance frameworks ensures that intelligence and operational activities meet broader organisational and legal requirements.

Can you walk me through a typical day or week in your current role?

As a Principal Intelligence Analyst, my primary responsibility is to collect, analyse, and contextualise threat information to produce actionable intelligence that meets the needs of a diverse range of stakeholders.

A typical day involves gathering data from multiple sources aligned with predefined intelligence requirements. These sources can include open-source intelligence, dark web monitoring, trusted partnerships, incident data, and internal telemetry. From this, I create a variety of intelligence products, such as written briefings, alerts, and notifications tailored to both technical and executive audiences.

I regularly provide intelligence to security operations centre teams, incident response and incident management teams, and executives. Cyber Threat Intelligence (CTI) also supports a wide range of teams across an organisation, including various IT units, or any area where the threat is relevant to their operations or risk profile. Each group has different intelligence needs, and part of my role is ensuring the information delivered is relevant and digestible for their context.

One ongoing challenge in the CTI space, as the discipline continues to evolve, is helping stakeholders understand that threat intelligence extends beyond technical indicators or data feeds. A core part of my role is demonstrating the value of contextualised intelligence: linking threat actor behaviour with organisational risk, enabling proactive threat hunting, and delivering meaningful insights that answer the “so what?” for stakeholders. Bridging this understanding gap creates meaningful opportunities to strengthen cyber resilience, enhance decision-making, and elevate the strategic value of threat intelligence.

One of the most rewarding aspects of the role is knowing that the intelligence I provide has real-world impact. Whether it’s identifying compromised credentials or identity documentation and passing them on to the appropriate team for remediation, or proactively warning about emerging vulnerabilities or threats to prevent exploitation of systems, there is a clear sense of purpose in helping safeguard Queensland Government systems, and by extension, the people they serve.

What advice would you give to someone wanting to get started in or transition to a role that you are in?

My biggest piece of advice is to stay curious and be proactive. CTI is a field built on asking questions, connecting the dots, and seeking to understand not just what’s happening, but why it matters.

Your ability to analyse information critically, communicate clearly, and understand risk in context is important. If you can explain complex topics simply, that’s a huge asset.

Start by building foundational knowledge through hands-on experiences where you can, whether that’s working in a SOC, participating in incident response, or doing entry-level analytical work. These roles give you exposure to how threats manifest in real environments, which is critical to developing useful, relevant intelligence.

Also, keep in mind that cyber security has many different niches. The key is to find the one that aligns with your strengths and interests. Whether you’re someone who enjoys deep diving into technical detail or prefers creating policy documentation, there’s a place for you. Passion and genuine interest will help you stay motivated and continuously grow.

Take part in community learning opportunities; there are many groups and conferences that welcome new people to the space. Seek out mentors, read widely, and don’t underestimate the value of doing the basics well.

Finally, be patient with yourself. CTI is a discipline that develops over time. Every incident, briefing, or investigation helps sharpen your instincts and build your expertise. Stay engaged, stay adaptable, and you’ll find your path into the role.