This past Tuesday (July 15, 2025), I appeared on a news segment on Tampa’s WFLA Channel 8 evening news, where I was brought in to comment about ways to not fall for AI-powered phone scams. The video from that news segment is pictured above.
While the segment talked about using AI to mimic people’s voices and faces and have them say whatever you want, there wasn’t time to demonstrate this capability — so I’m doing it here.
Here’s a video I recorded back in October 2023 to promote a Python course that I was teaching:
I then fed that video to HeyGen, the AI avatar service, and used it to translate my video into Spanish. Here’s the result:
I don’t speak Spanish anywhere as fluently and smoothly as my HeyGen-generated version, and note that HeyGen went so far as to sync my lips with the Spanish words!
The Spanish voice is also a decent approximation of mine — close enough that it might fool even people who know me well, given a stressful situation full of emotion and other distractions, which is the sort of scenario that con artists try to create in a phone scam.
You should also note that the Spanish video was made with the version of HeyGen from October 2023. I’m sure it’s undergone significant improvements since then.
BSides Tampa 12, Tampa’s big cybersecurity conference, takes place this weekend at the University of South Florida!
BSides Tampa is one of Tampa Bay’s biggest tech conferences, with 1,900 attendees at last year’s event:
It’s worth checking out, even if cybersecurity isn’t your main focus. For starters, in today’s incredibly networked and AI-powered environment, security is everyone’s concern.
You’ll also learn a lot, whether it’s from one of presentations spread across seven tracks, the villages (the Social Engineering Adventure Village, the Lockpick Village, and the Network Security Village), the two Capture the Flag events, or the people you’ll meet.
BSides gets it name from “b-side,” the alternate side of a vinyl or cassette single, where the a-side has the primary content and the b-side is the bonus or additional content.
In 2009, the Black Hat conference in Las Vegas received way more presentation submissions than they could take on. The rejected presenters had very good presentations; there just wasn’t enough capacity for them. Those presenters, disappointed at not having their presentations accepted, banded together and made their own “b-side” conference in the spirit of Bender from Futurama.
That event was the first BSides, a small, hastily-assembled event that ran at a BSides organizer’s house at the same time as Black Hat on July 29 and 30, 2009.
It was a wild success: the talks were good, the party was better, and it was clear that the security community was excited at the idea of a conference that focused on conversations and personal interaction with peers. Those involved in the first event had a vision of rolling the idea out at a regional level, enabling local organizers to set up similar conferences in their own area.
In 2010, BSides took place again in Las Vegas, but there were also BSides conferences in Atlanta, Austin, Berlin, Boston, Dallas, Delaware, Denver, Kansas City, Ottawa, and San Francisco. In 2011, it would expand to over 40 events, with Africa and Australia joining the list of continents that had a BSides conference.
Tampa had its first BSides on February 15, 2014, and it’s grown over the years to become one of the biggest Tampa Bay tech events of the year.
BSides Tampa is sponsored by the Tampa Bay chapter of (ISC)², which is clever and mathematically-correct shorthand for “International Information System Security Certification Consortium”. (ISC)² is a non-profit specializing in training and certifying information security professionals.
Here’s what CISA — the Cybersecurity and Infrastructure Security Agency — has to say about Russia. This is from their Russia Cyber Threat Overview and Advisories page, which was on their website at the time of writing, but it might not be for much longer:
Friends in the cybersecurity industry — prepare a lot of headaches in the near future.
The doge.gov website that was spun up to track Elon Musk’s cuts to the federal government is insecure and pulls from a database that can be edited by anyone, according to two separate people who found the vulnerability and shared it with 404 Media. One coder added at least two database entries that are visible on the live site and say “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro.”
Not only do the DOGEbags lack forensic accountants, it seems that they’re short on people with even the most basic cybersecurity chops.
In all my years, I’ve failed it only once. But I’m certain that actually experiencing that failure ensured that the lesson would “stick.”
I happened a few years back. I was being diligent and getting all my tax stuff ready to send to my accountant in early February, around the time when my then-employer was sending employees their primary tax document, the dreaded Form W-2. (For those of you outside the U.S., it’s the wage and tax document provided by your employer; for example, the Canadian equivalent is the “T4 Slip”.)
I was doing a search through my company inbox to find the download location for my W-2 information, having forgotten that it was available through Workday. One of the search results was one of those phishing email tests, disguised to look like an official email with a link to my tax info. Since I was reading the email as search results and not as email, I was not in my usual email security mindset, clicked the link in the email, and boom:
I got the usual “Your manager will be notified and you’ll have to undergo mandatory security re-education” message afterward. Surprisingly, my manager never brought it up, and I was never scheduled for the “Don’t do it again, dumbass” remedial course, but believe me: I learned my lesson that day.
