
Anwer Gertani
The security leader who still opens binaries.
Washington, DC
Over the past decade I’ve reverse-engineered hundreds of malware samples — APT implants, banking trojans, custom packers — and used what I learned to change security architectures, brief executives, and build detection capabilities that outlasted the original threat. That technical grounding is what most CISOs lose on the way up. I kept it deliberately, and it changes every decision I make.
When I’m in a vendor evaluation I can open the product in a sandboxed environment and verify whether it actually catches what I’m seeing in the wild. When a novel EDR-evasion technique surfaces in a Tuesday sample, I can turn it into a board-level risk conversation by Thursday — not by dumbing it down, but by finding the governance decision hiding inside the technical finding.
The work I’m most proud of isn’t any single malware find. It’s the follow-the-sun team of six that now handles novel threats, runs IR engagements, and ships production tooling without me in the room. Building toward your own irrelevance is the job.
My Journey
2021 – Present
Malware Reverse Engineering Manager — Incident Response & Threat Intelligence
Deloitte · Arlington, VA
Lead a team of six malware reverse engineers, developers, and cloud architects on a follow-the-sun model handling malware incidents and active malware analysis for the global cyber defense team and external clients.
500K+ assets protected
2019 – 2021
Senior Malware Reverse Engineer — Incident Response & Threat Intelligence
Deloitte · Arlington, VA
Drove threat intelligence and deep malware reverse engineering for APT campaigns, building the tooling and analysis environments that scaled the team’s output.
2018 – 2019
Incident Response Lead & Senior Cyber Threat Analyst
College Board · Reston, VA
Led incident response and senior threat analysis for the College Board security organization.
2015 – 2018
SOC Analyst & SOC Lead — Tiers 1–3 (progressive roles)
KFH Bank — Global Security Operations Center · Kuwait
Progressed through Tier 1–3 analyst roles to SOC lead in the bank's global security operations center, handling detection, triage, and incident response across the enterprise.
Continuous practice
- CISSP (ISC)² · #02743155
- SSCP (ISC)² · #581892
- SANS SEC595 — Applied Data Science & Machine Learning for Cybersecurity (SANS Institute, 2024)
- Hex-Rays IDA Pro Advanced Decompiler Training (Hex-Rays, 2024)
- Hex-Rays IDA Pro Advanced Malware Techniques (Hex-Rays, 2025)
- Hex-Rays IDA Pro Advanced Programming & C++ Extensions (Hex-Rays, 2024)
- Binary Literacy for Static Reverse Engineering (Mobius Strip Reverse Engineering, 2023)
- SMT-Based Binary Program Analysis (Mobius Strip Reverse Engineering, 2023)
- Advanced Windows Kernel Rootkit Techniques (Black Hat Las Vegas, 2020)
- Windows Internals — Zero Ring Training (Las Vegas, 2021)
Academic foundation
Master of Business Administration (MBA), Management
University of Wollongong · NSW, Australia
2014
Bachelor of Business Administration (BBA), Commerce
University of Wollongong · Dubai, UAE
2012
Clearance
No clearance — eligible
From the Desk
Writing & notes
April 21, 2026
Notes on Byte-Transformer Models for Detecting EDR-Evading Malware
How we trained an in-memory detection agent on raw bytes — and what surprised us about generalization to unseen packers.
- AI / ML
- Malware Analysis
- EDR
February 10, 2026
Building a Follow-the-Sun Reverse Engineering Team
What I learned building a global RE team that hands off live malware incidents across three time zones — and the parts I’d do differently.
- Leadership
- Incident Response
- Threat Intel
November 7, 2025
What the C-Suite Actually Wants to Hear About Ransomware
After dozens of executive briefings during active incidents, three things matter — and threat intelligence is usually not one of them.
- Executive Communication
- Incident Response
- Risk