White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping organizations bolster their digital defenses. But what drives someone to pursue a career as a white hat hacker, and how do you get started in leveraging so-called “evil” skills for the greater good??

In this exclusive Q&A, we spoke with seasoned white hat hacker Gilit Saporta, Director of Analytics for DoubleVerify’s Fraud Lab. Gilit has helped out with and stopped some of the world’s sneakiest ad fraudsters across streaming, the open web, mobile, etc. Before her role as Director of Analytics at DV, she worked at Simplex as a Fraud Fighting Team Leader and Head of Fraud Intelligence. Prior to that, Gilit was Head of Training for Forter, and for nearly seven years, led analytics and risk science initiatives at PayPal.

Did you go to college? What did you go to school for?

As an adopted daughter to parents who immigrated to Israel a few years after World War II, I was honored to be the first person in my extended family to attend university in Israel. I graduated from Tel Aviv University, where I majored in Theatre Arts (BA summa cum laude, valedictorian and MFA summa cum laude). I was lucky enough to be able to pursue my passion for art in parallel to my work in tech for a couple of years and even had a few of my plays produced in fringe theaters in Tel Aviv.

What was your first role in tech?

Going way back, as a teenager I had a summer vacation job for a telephone company, where I physically maintained analog phone line routing systems back in the 1990s.

But to be a bit more focused on high-tech, as an IDF military intelligence officer, I started to learn code and build logic for innovative defense products at the age of 18. This experience probably landed me my first “real” role in tech: a student position at the age of 21 catching early attacks on e-commerce sites for a startup called FraudSciences, that was later acquired by PayPal. I was looking for an interesting part-time job I could do to help fund my university studies, and in a way, I almost fell into it. Today, I love hearing my kids tell people that their mom has been “catching bad people online for over 20 years.”

What is the most valuable skill you learned in your role?

Keeping an open mind and a curious mindset was and remains the core of my skill set. Through my first roles, I learned that being curious about the endless research options of the data around you will allow you to work with the most intelligent — and fun — people. Plus, you’ll get the rush of feeling that there’s always another hill to climb.

I’ve always loved solving puzzles, so learning that the passion for digging into data quirks is in itself a skill was a huge revelation for me.

What soft skills do you think make a person successful in tech, fraud protection and cybersecurity?

Stay humble, knowing that there’s lots to learn from newcomers with a fresh perspective. This is a soft skill that all researchers should possess, especially when it comes to growing into leadership roles. I see that by continuously encouraging others to express even their “hunch” about potential theories is a strong asset for the team’s creativity and that great discoveries are made thanks to this culture.

Any parting thoughts or final piece of advice to someone looking into your type of role?

These days, there are ample learning opportunities and reading materials available about any flavor of cybersecurity and fraud protection products. I recommend not only reading samples of this ocean of information but also interacting with the community of fraud fighters whenever possible — conferences, meetups, professional social media and beyond. Contribute your own thoughts and questions to the community, hypothesize about scams and schemes that you would imagine are happening, get some feedback and gradually become a master of storytelling — since the story of the attack is often just as important as the quantitative analysis.