Anwer Gertani
Washington, DC
My career spans the full kill chain from the defender’s side — from Tier 1 SOC analyst monitoring alerts at a global bank, to leading incident response engagements, to reverse-engineering the advanced malware behind those incidents. That progression is not common. It means I understand threats the way the adversary intended them, not just the way a dashboard summarises them.
That career taught me something the industry still hasn’t fully reckoned with: Fortune 500 companies are no longer just facing human adversaries. Nation-state groups and sophisticated criminal organisations are using AI to generate custom malware variants at scale, automate lateral movement, and compress the time from initial access to full compromise. Industry threat research has documented a 27-second adversary breakout time in 2026 — the fastest ever recorded — alongside an 89 percent surge in AI-enabled attacks. The question is no longer whether your defences will face AI-enabled threats. It is whether your defences are AI-enabled enough to survive them.
I’ve spent the last four years building the answer to that question — from byte-transformer models that detect EDR-evading malware without signatures, to automated IR pipelines that contain threats in minutes rather than hours, to SOAR workflows that handle 80 percent of alert triage before a human touches it. AI-augmented defence is not a future state. It is the operational baseline required to stay ahead of the threat landscape that exists today.
What I Build
Build a SOC that scales with AI and automation
Adversaries now move faster than human analysts can triage manually — the average eCrime breakout time is 29 minutes, the fastest recorded just 27 seconds. Design security operations centres that replace the T1–3 model with AI-driven detection, automated enrichment, and decision-support tooling that keeps pace with that speed.
Build malware reverse engineering teams and AI-augmented analysis capabilities
AI-enabled threat actors generated 450,000+ new malware samples per day in 2025, with 82% using evasion techniques that defeat signature-based detection. Stand up dedicated RE functions with AI-augmented pipelines — byte-transformer models, automated unpacking, and LLM-assisted decompilation — that analyse in minutes what took weeks manually.
Build IR programmes for Fortune 500 companies with global presence
With breach costs averaging $4.88M globally and AI-enabled adversaries compressing time-to-impact to under 72 minutes, mature IR programmes save an average of $2.03M per incident versus organisations without them. Design enterprise IR at the scale Fortune 500 companies actually operate — follow-the-sun, automated playbooks, AI-accelerated containment.
AI-augmented SOAR and security automation
75% of analyst time is currently lost to manual triage — hours that AI-enabled adversaries use to move laterally while defenders are still correlating alerts. Implement SOAR platforms augmented with AI that automate triage, enrichment, and response orchestration, returning that time to the work that actually requires human judgement.
APT tracking and enterprise threat intelligence
Nation-state actors now use AI to accelerate reconnaissance, customise implants per target, and rotate infrastructure automatically — contributing to a 163% increase in espionage-related breaches in 2025. Track the groups targeting your sector with intelligence built from direct adversary engagement, not vendor reports.
Build AI-driven managed detection and response programmes
Traditional detection averages 277 days — a window AI-assisted adversaries now exploit within hours. Design MDR programmes with AI at the core: machine learning detection trained on real adversary behaviour, automated response that resolves 52% of cases without human intervention, and continuous model retraining that keeps detection ahead of evolving threats.
My Journey
2025 – Present
Senior Manager — Malware Reverse Engineering & Incident Response
Deloitte · Arlington, VA
Leads Deloitte's global malware reverse engineering and incident response practice at the Senior Manager level. Directs the team's AI integration roadmap — including byte-transformer detection agents, automated malware analysis pipelines, and AI-augmented IR workflows — while expanding the programme's coverage to address AI-accelerated threat actor techniques across the firm's global client base.
2021 – 2025
Malware Reverse Engineering Manager — Incident Response & Threat Intelligence
Deloitte · Arlington, VA
Led a team of six malware reverse engineers, developers, and cloud architects on a follow-the-sun model, handling malware incidents and active malware analysis for the global cyber defense team and external clients.
2019 – 2021
Senior Malware Reverse Engineer — Incident Response & Threat Intelligence
Deloitte · Arlington, VA
Drove threat intelligence and deep malware reverse engineering for APT campaigns, building the tooling and analysis environments that scaled the team’s output.
2018 – 2019
Incident Response Lead & Senior Cyber Threat Analyst
College Board · Reston, VA
Led incident response and senior threat analysis for the College Board security organization.
2015 – 2018
SOC Analyst & SOC Lead — Tiers 1–3 (progressive roles)
KFH Bank — Global Security Operations Center · Kuwait
Progressed through Tier 1–3 SOC roles and into SOC lead at a global bank SOC, handling detection, triage, and incident response across the enterprise.
From the Desk
Writing & notes
May 17, 2026
Start With Decisions, Not Data
The right question is not what should I collect. It is what decisions does my security operation make every day — and which twenty are killing my team.
- AI / ML
- Security Operations
- Strategy
May 10, 2026
Why AI Security Programmes Fail Before They Start
The most common AI security failure mode: applying AI to processes that were never defined, documented, or cleaned up. You do not automate chaos. You accelerate it.
- AI / ML
- Security Operations
- Leadership
May 3, 2026
Define Your Operations Before You Instrument Them
SOC, IR, and Threat Intel are not three separate teams. They are one interconnected decision system. Map it as such, or your AI programme will optimise the parts while breaking the whole.
- Security Operations
- SOC
- Strategy