Categories
Artificial Intelligence Security What I’m Up To

A simple AI fake voice and face example

This past Tuesday (July 15, 2025), I appeared on a news segment on Tampa’s WFLA Channel 8 evening news, where I was brought in to comment about ways to not fall for AI-powered phone scams. The video from that news segment is pictured above.

While the segment talked about using AI to mimic people’s voices and faces and have them say whatever you want, there wasn’t time to demonstrate this capability — so I’m doing it here.

Here’s a video I recorded back in October 2023 to promote a Python course that I was teaching:

I then fed that video to HeyGen, the AI avatar service,  and used it to translate my video into Spanish. Here’s the result:

I don’t speak Spanish anywhere as fluently and smoothly as my HeyGen-generated version, and note that HeyGen went so far as to sync my lips with the Spanish words!

The Spanish voice is also a decent approximation of mine — close enough that it might fool even people who know me well, given a stressful situation full of emotion and other distractions, which is the sort of scenario that con artists try to create in a phone scam.

You should also note that the Spanish video was made with the version of HeyGen from October 2023. I’m sure it’s undergone significant improvements since then.

Categories
Conferences Security Tampa Bay

BSides Tampa 12: This coming weekend!

BSides Tampa 12, Tampa’s big cybersecurity conference, takes place this weekend at the University of South Florida!

BSides Tampa is one of Tampa Bay’s biggest tech conferences, with 1,900 attendees at last year’s event:

It’s worth checking out, even if cybersecurity isn’t your main focus. For starters, in today’s incredibly networked and AI-powered environment, security is everyone’s concern.

You’ll also learn a lot, whether it’s from one of presentations spread across seven tracks, the villages (the Social Engineering Adventure Village, the Lockpick Village, and the Network Security Village), the two Capture the Flag events, or the people you’ll meet.

Yours Truly, presenting at last year’s BSides Tampa. You can find out more about my presentation here.

BSides Tampa will take place over two days:

  • Friday, May 16: Training and workshops
  • Saturday, May 17: The main conference and post-conference happy hour

The tickets for the main conference are very reasonably priced:

  • General admission: $45
  • Students / active-duty military / veterans: $30

You can buy tickets to BSides Tampa here.

BSides’ history

BSides gets it name from “b-side,” the alternate side of a vinyl or cassette single, where the a-side has the primary content and the b-side is the bonus or additional content.

In 2009, the Black Hat conference in Las Vegas received way more presentation submissions than they could take on. The rejected presenters had very good presentations; there just wasn’t enough capacity for them. Those presenters, disappointed at not having their presentations accepted, banded together and made their own “b-side” conference in the spirit of Bender from Futurama.

That event was the first BSides, a small, hastily-assembled event that ran at a BSides organizer’s house at the same time as Black Hat on July 29 and 30, 2009.

Here are some photos:

Here’s the summary of that first BSides from the BSides history page:

It was a wild success: the talks were good, the party was better, and it was clear that the security community was excited at the idea of a conference that focused on conversations and personal interaction with peers. Those involved in the first event had a vision of rolling the idea out at a regional level, enabling local organizers to set up similar conferences in their own area.

In 2010, BSides took place again in Las Vegas, but there were also BSides conferences in Atlanta, Austin, Berlin, Boston, Dallas, Delaware, Denver, Kansas City, Ottawa,  and San Francisco. In 2011, it would expand to over 40 events, with Africa and Australia joining the list of continents that had a BSides conference.

Tampa had its first BSides on February 15, 2014, and it’s grown over the years to become one of the biggest Tampa Bay tech events of the year.

BSides Tampa is sponsored by the Tampa Bay chapter of (ISC)², which is clever and mathematically-correct shorthand for “International Information System Security Certification Consortium”. (ISC)² is a non-profit specializing in training and certifying information security professionals.

Join us at BSides Tampa this weekend!

Categories
Current Events Security

This is horrifying: U.S. Defense Secretary Orders Cyber Command to stand down from all planning to counter Russia

According to cybersecurity news site The Record (they’re pretty good; you should bookmark them), newly-appointed U.S. Defense Secretary (and former FOX News host, philanderer, and raging alcoholic with a track record that “falls short of military standards”) ordered U.S. Cyber Command to stand down from all planning against Russia last week.

This is the same Russia that brought us cybersecurity threats such as:

Here’s what CISA — the Cybersecurity and Infrastructure Security Agency — has to say about Russia. This is from their Russia Cyber Threat Overview and Advisories page, which was on their website at the time of writing, but it might not be for much longer:

Friends in the cybersecurity industry — prepare a lot of headaches in the near future.

Categories
Current Events Security

DOGE’s government org chart page seems to be hacked

At the time of writing, if you go to this URL at the (incredibly unserious) DOGE.GOV site…

https://doge.gov/workforce?orgId=7cd300eb-cf3f-47f5-90f1-9e66a8bc8d07

…you’ll see this:

According to 404 Media:

The doge.gov website that was spun up to track Elon Musk’s cuts to the federal government is insecure and pulls from a database that can be edited by anyone, according to two separate people who found the vulnerability and shared it with 404 Media. One coder added at least two database entries that are visible on the live site and say “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro.”

Not only do the DOGEbags lack forensic accountants, it seems that they’re short on people with even the most basic cybersecurity chops.

Coverage at the time of writing

Categories
Humor Security

When you fail a company phishing email test

In all my years, I’ve failed it only once. But I’m certain that actually experiencing that failure ensured that the lesson would “stick.”

I happened a few years back. I was being diligent and getting all my tax stuff ready to send to my accountant in early February, around the time when my then-employer was sending employees their primary tax document, the dreaded Form W-2. (For those of you outside the U.S., it’s the wage and tax document provided by your employer; for example, the Canadian equivalent is the “T4 Slip”.)

I was doing a search through my company inbox to find the download location for my W-2 information, having forgotten that it was available through Workday. One of the search results was one of those phishing email tests, disguised to look like an official email with a link to my tax info. Since I was reading the email as search results and not as email, I was not in my usual email security mindset, clicked the link in the email, and boom:

I got the usual “Your manager will be notified and you’ll have to undergo mandatory security re-education” message afterward. Surprisingly, my manager never brought it up, and I was never scheduled for the “Don’t do it again, dumbass” remedial course, but believe me: I learned my lesson that day.

Categories
Humor Security

Obscurity DOES have a role in security

Thanks to Ewan Sinclair for the find! Tap to view at full size.
Categories
Current Events Humor Security

“Tell Crowdstrike. I want them to know it was me.”

Thanks to Chris Laco for the find!