Light Dark
May 25, 2023 By Mark Stone 3 min read
Risk Management
Threat Hunting

White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping organizations bolster their digital defenses. But what drives someone to pursue a career as a white hat hacker, and how do you get started in leveraging so-called “evil” skills for the greater good??

In this exclusive Q&A, we spoke with seasoned white hat hacker Gilit Saporta, Director of Analytics for DoubleVerify’s Fraud Lab. Gilit has helped out with and stopped some of the world’s sneakiest ad fraudsters across streaming, the open web, mobile, etc. Before her role as Director of Analytics at DV, she worked at Simplex as a Fraud Fighting Team Leader and Head of Fraud Intelligence. Prior to that, Gilit was Head of Training for Forter, and for nearly seven years, led analytics and risk science initiatives at PayPal.

Did you go to college? What did you go to school for?

As an adopted daughter to parents who immigrated to Israel a few years after World War II, I was honored to be the first person in my extended family to attend university in Israel. I graduated from Tel Aviv University, where I majored in Theatre Arts (BA summa cum laude, valedictorian and MFA summa cum laude). I was lucky enough to be able to pursue my passion for art in parallel to my work in tech for a couple of years and even had a few of my plays produced in fringe theaters in Tel Aviv.

What was your first role in tech?

Going way back, as a teenager I had a summer vacation job for a telephone company, where I physically maintained analog phone line routing systems back in the 1990s.

But to be a bit more focused on high-tech, as an IDF military intelligence officer, I started to learn code and build logic for innovative defense products at the age of 18. This experience probably landed me my first “real” role in tech: a student position at the age of 21 catching early attacks on e-commerce sites for a startup called FraudSciences, that was later acquired by PayPal. I was looking for an interesting part-time job I could do to help fund my university studies, and in a way, I almost fell into it. Today, I love hearing my kids tell people that their mom has been “catching bad people online for over 20 years.”

What is the most valuable skill you learned in your role?

Keeping an open mind and a curious mindset was and remains the core of my skill set. Through my first roles, I learned that being curious about the endless research options of the data around you will allow you to work with the most intelligent — and fun — people. Plus, you’ll get the rush of feeling that there’s always another hill to climb.

I’ve always loved solving puzzles, so learning that the passion for digging into data quirks is in itself a skill was a huge revelation for me.

What soft skills do you think make a person successful in tech, fraud protection and cybersecurity?

Stay humble, knowing that there’s lots to learn from newcomers with a fresh perspective. This is a soft skill that all researchers should possess, especially when it comes to growing into leadership roles. I see that by continuously encouraging others to express even their “hunch” about potential theories is a strong asset for the team’s creativity and that great discoveries are made thanks to this culture.

Any parting thoughts or final piece of advice to someone looking into your type of role?

These days, there are ample learning opportunities and reading materials available about any flavor of cybersecurity and fraud protection products. I recommend not only reading samples of this ocean of information but also interacting with the community of fraud fighters whenever possible — conferences, meetups, professional social media and beyond. Contribute your own thoughts and questions to the community, hypothesize about scams and schemes that you would imagine are happening, get some feedback and gradually become a master of storytelling — since the story of the attack is often just as important as the quantitative analysis.

 |  |  |  | 
Mark Stone

More from Risk Management
July 25, 2024

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

July 24, 2024

Crisis communication: What NOT to do

4 min read - Read the 1st blog in this series, Cybersecurity crisis communication: What to doWhen an organization experiences a cyberattack, tensions are high, customers are concerned and the business is typically not operating at full capacity. Every move you make at this point makes a difference to your company’s future, and even a seemingly small mistake can cause permanent reputational damage.Because of the stress and many moving parts that are involved, businesses often fall short when it comes to communication in a crisis.…

July 10, 2024

Digital solidarity vs. digital sovereignty: Which side are you on?

4 min read - The landscape of international cyber policy continues to evolve rapidly, reflecting the dynamic nature of technology and global geopolitics. Central to this evolution are two competing concepts: digital solidarity and digital sovereignty.The U.S. Department of State, through its newly released International Cyberspace and Digital Policy Strategy, has articulated a clear preference for digital solidarity, positioning it as a counterpoint to the protectionist approach of digital sovereignty.What are the main differences between these two concepts, and why does it matter? Let’s…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature