During recent discussions at SiGMA, it became clear that iGaming operators face growing security threats — from account takeovers and credential stuffing to DDoS attacks — that can directly impact revenue.
Building a security team from scratch is not just about hiring IT specialists; it’s about creating a threat-driven structure that can prevent losses while keeping operations smooth.
We spoke with Lenkep, a recruitment agency with deep expertise in iGaming talent, to explore practical guidance for operators on how to hire security roles effectively, prioritize skills, and prepare for emerging threats.
From your perspective, which security roles are becoming essential for iGaming operators today?
Elena Rzyanina: Right now, the basic skeleton of a security team at an iGaming operator looks like this.
First, fraud and risk analysts/engineers – and specifically a team, not a single person. They monitor transactions, bonus abuse, account takeovers and payment fraud in real time and understand exactly where money is leaking.
Second, compliance / AML / payments risk specialists – people who know licensing, KYC/AML requirements and PSP logic well enough to make sure the company doesn’t wake up one day with frozen accounts and fines.
The third block is SOC analysts and security engineers, responsible for monitoring, incident response and keeping the infrastructure resilient. The fourth is Application Security / DevSecOps – the people who protect the product itself: authentication flows, payment pages, internal tools and APIs.
On top of that, Threat Intelligence is gaining serious momentum. Operators are increasingly facing APP fraud, brand clones and more sophisticated attacks, so they need people who can not only put out fires after the fact, but also spot attack patterns early and show the business where it’s vulnerable.
If an operator doesn’t yet have a proper security function in place, who is realistic to hire first – and why?
Elena Rzyanina: It makes perfect sense to start with a Security Lead who can take ownership of the entire security function: set priorities, define processes, build the team and speak the same language as the business.
But if you look at real operator cases, the first hires almost always land in risk and fraud — that’s where the pain is sharpest and direct money losses show up fastest. So the starting lineup is often a strong Fraud/Risk specialist who takes over transactional monitoring, bonus abuse, disputed payouts and works closely with payments and support.
Then, once the worst gaps are closed, the logical next step is to finally bring a Security Lead (or CISO) into the loop and build the rest of the function around them: AppSec/DevSecOps, SOC, compliance, a dedicated fraud team — all added step by step as the business grows.
What’s a simple, threat-driven hiring order that helps operators protect revenue early?
Elena Rzyanina: If the goal is to protect revenue as fast as possible, you need people who control transactions, financial fraud and technical vulnerabilities.
That means a Risk / Fraud Engineer who monitors transactions, chargebacks and bonus abuse; a Payments / Compliance Specialist who understands PSP logic, limits and KYC/AML; and an AppSec / DevSecOps Engineer who closes gaps in authentication, payment pages and the player account area. This combination is what reduces direct financial losses the earliest.
One important point though: you shouldn’t neglect the leadership role at the start. A strong CISO or Security Lead will own the big picture and build the security function so that all of this actually works in practice, not just on paper.
During SiGMA, operators highlighted rising credential and account attacks, underscoring cybersecurity risks for iGaming platforms. How should this shape hiring priorities?
Elena Rzyanina: Attacks on player accounts are dangerous on two fronts at once: direct financial losses and chargebacks, plus the hit to player trust in the brand. We’re seeing this play out across the industry, especially in recent cases of fraud and regulatory failures in the casino industry, where weak authentication and monitoring have led to costly penalties. A single major account takeover incident can haunt a company for a long time, even if everything is fixed technically afterwards.
That’s why hiring priorities are shifting towards people who protect authentication and access specifically. In the near future, there’ll be even more demand for AppSec / DevSecOps engineers who harden login, account recovery and payment flows, and close logic flaws — the exact weak spots attackers exploit fastest. Alongside them, operators are increasingly looking for fraud analysts who monitor account behaviour and help spot suspicious activity in time.
Which skills or traits matter most when recruiting security talent specifically for iGaming?
Elena Rzyanina: Top of the list is domain knowledge. Honestly, it’s hard to think of an industry where understanding the specifics, regulation and overall high-risk environment matters more. Without that, even a very strong engineer will be operating at half power.
They have to get their head around not just the tech stack, but also licences, KYC/AML, how PSPs work, bonus mechanics and typical fraud patterns. Otherwise, security measures will either choke the product and kill conversion, or fail to properly protect the money and the licence.
What markets does Lenkep currently cover, and where do you see the strongest demand for security-focused recruitment?
Elena Rzyanina: High-risk is still our core niche, and the number of operators coming in with security requests is clearly growing. FinTech remains consistently among the leaders in terms of demand, and we don’t see any signs of it slowing down. For fintechs these roles are absolutely critical, and we regularly get very specific briefs for payments-focused security hires.
At Lenkep we’re often not just hiring one person, but building an entire cybersecurity function end-to-end — both for new verticals at iGaming companies and for their core teams. At the same time, demand for security talent isn’t limited to high-risk: it remains strong in classic IT as well. For example, we recently filled a security role for a UK-based IT company that wanted to strengthen its data and infrastructure protection.
Looking toward 2025, which emerging threats should shape how operators build their security teams?
Elena Rzyanina: APP fraud is already causing operators more and more trouble and is getting noticeably more sophisticated: the player is sure they’re dealing with the real brand, sees the familiar logo, support, payment page – but the money goes to fraudsters. For the operator, it’s a double hit: direct financial losses and a long tail of reputational risk.
No single person can handle this end to end, so teams are increasingly building a combo instead: Threat Intelligence, to spot brand clones and suspicious attack patterns in time; a Fraud Analyst, to pick up anomalies in transactions and player behaviour; and a Security Engineer, who can quickly close the technical gaps. This setup lets you work not only “after the incident”, but proactively reduce both the likelihood and the impact of losses.
With a background in digital media and a keen eye for emerging technologies, Ronaldo bridges the gap between players and platforms through clear, insightful reporting to the iGaming industry.
