White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping organizations bolster their digital defenses. But what drives someone to pursue a career as a white hat hacker, and how do you get started in leveraging so-called “evil” skills for the greater good??

In this exclusive Q&A, we spoke with seasoned white hat hacker Gilit Saporta, Director of Analytics for DoubleVerify’s Fraud Lab. Gilit has helped out with and stopped some of the world’s sneakiest ad fraudsters across streaming, the open web, mobile, etc. Before her role as Director of Analytics at DV, she worked at Simplex as a Fraud Fighting Team Leader and Head of Fraud Intelligence. Prior to that, Gilit was Head of Training for Forter, and for nearly seven years, led analytics and risk science initiatives at PayPal.

Did you go to college? What did you go to school for?

As an adopted daughter to parents who immigrated to Israel a few years after World War II, I was honored to be the first person in my extended family to attend university in Israel. I graduated from Tel Aviv University, where I majored in Theatre Arts (BA summa cum laude, valedictorian and MFA summa cum laude). I was lucky enough to be able to pursue my passion for art in parallel to my work in tech for a couple of years and even had a few of my plays produced in fringe theaters in Tel Aviv.

What was your first role in tech?

Going way back, as a teenager I had a summer vacation job for a telephone company, where I physically maintained analog phone line routing systems back in the 1990s.

But to be a bit more focused on high-tech, as an IDF military intelligence officer, I started to learn code and build logic for innovative defense products at the age of 18. This experience probably landed me my first “real” role in tech: a student position at the age of 21 catching early attacks on e-commerce sites for a startup called FraudSciences, that was later acquired by PayPal. I was looking for an interesting part-time job I could do to help fund my university studies, and in a way, I almost fell into it. Today, I love hearing my kids tell people that their mom has been “catching bad people online for over 20 years.”

What is the most valuable skill you learned in your role?

Keeping an open mind and a curious mindset was and remains the core of my skill set. Through my first roles, I learned that being curious about the endless research options of the data around you will allow you to work with the most intelligent — and fun — people. Plus, you’ll get the rush of feeling that there’s always another hill to climb.

I’ve always loved solving puzzles, so learning that the passion for digging into data quirks is in itself a skill was a huge revelation for me.

What soft skills do you think make a person successful in tech, fraud protection and cybersecurity?

Stay humble, knowing that there’s lots to learn from newcomers with a fresh perspective. This is a soft skill that all researchers should possess, especially when it comes to growing into leadership roles. I see that by continuously encouraging others to express even their “hunch” about potential theories is a strong asset for the team’s creativity and that great discoveries are made thanks to this culture.

Any parting thoughts or final piece of advice to someone looking into your type of role?

These days, there are ample learning opportunities and reading materials available about any flavor of cybersecurity and fraud protection products. I recommend not only reading samples of this ocean of information but also interacting with the community of fraud fighters whenever possible — conferences, meetups, professional social media and beyond. Contribute your own thoughts and questions to the community, hypothesize about scams and schemes that you would imagine are happening, get some feedback and gradually become a master of storytelling — since the story of the attack is often just as important as the quantitative analysis.

More from Risk Management

The Growing Risks of Shadow IT and SaaS Sprawl

4 min read - In today's fast-paced digital landscape, there is no shortage of apps and Software-as-a-Service (SaaS) solutions tailored to meet the diverse needs of businesses across different industries. This incredible array of options has revolutionized how we work, providing cost-effective and user-friendly tools that streamline tasks and boost productivity. However, this ever-expanding application ecosystem comes with its challenges: namely, shadow IT and SaaS sprawl. According to a recent study by Entrust, 77% of IT professionals are concerned about shadow IT becoming a…

Are you ready to build your organization’s digital trust?

4 min read - As organizations continue their digital transformation journey, they need to be able to trust that their digital assets are secure. That’s not easy in today’s environment, as the numbers and sophistication of cyberattacks increase and organizations face challenges from remote work and insider behavior. Digital trust can make your organization’s digital transformation stronger. A lack of digital trust can do irreparable harm. However, according to ISACA’s State of Digital Trust 2023 report, too many organizations struggle to define and implement…

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging. We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically. For this reason, 75% of organizations…

How IBM secures the U.S. Open

2 min read - More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI models that transform tennis data into insights and original content. Using IBM watsonx, a next-generation AI and data platform, the team built and managed the entire…