On the Road with FirstLine: Summer 2025
On the Road with FirstLine: Summer 2025

On the Road with FirstLine: Summer 2025

Tabletop Exercises Strengthen Election Infrastructure Security Across Florida

From Jacksonville to Panama City Beach, Cyber Florida’s FirstLine Summer 2025 “Road Trip” brought mission-critical cybersecurity training directly to election teams and public sector leaders across the state. Conducted in partnership with the Norwich University Applied Research Institutes (NUARI) and the Florida Division of Emergency Management (FDEM), this six-stop Tabletop Exercise (TTX) series was designed to simulate real-world election infrastructure incident scenarios and help strengthen interagency coordination, communication, and planning.

This program was funded through a Fortifying Florida grant provided by the Florida Division of Emergency Management and the Federal Emergency Management Agency (FEMA).

The TTX series, held in June and July 2025 in Jacksonville, Gainesville, Orlando, Sarasota, Panama City Beach, and Tallahassee, convened 129 participants from 40 counties. These no-cost events provided a safe, realistic environment for election officials, IT personnel, law enforcement, and emergency managers to test and refine their response to evolving threats against Florida’s election infrastructure.

“I attended this TTX as an intern to gain hands-on experience with real-world
cyber incidents. This was my first TTX, and I was looking to
gain new perspectives and also network.”

Building Readiness Through Realistic Scenarios

Each TTX presented participants with a simulated cyber or physical security incident involving election systems. The exercises required participants to respond under pressure, think across organizational boundaries, and prioritize coordinated actions and communication.

Attendees consistently praised the scenarios’ realism and relevance, with 100% of survey respondents affirming their applicability to real-world operations.

“The discussion between IT and office users during the exercises provided
a good exchange for each other’s perspectives.”

A Distinguished Turnout in Tallahassee

The final stop on the road trip in Tallahassee underscored the importance of the TTX series, drawing senior state leaders and cybersecurity experts, including:

Kristen Pederson, Vice President, NUARI
Melinda Miguel, Chief Inspector General for the State of Florida
James Taylor, CEO, Florida Technology Council
Yolanda Williams, Cybersecurity State Coordinator/Advisor, CISA
Ashley Grover, Cyber Navigator Program Manager, Florida Department of State
Travis Hart, President, Florida Supervisors of Elections
David Crain, Senior Crime Intelligence Analyst Supervisor, Florida Department of Law Enforcement (FDLE)

Their presence demonstrated broad support for advancing cyber resilience in election infrastructure and affirmed the value of FirstLine’s targeted, tactical approach.

Key Takeaways: Preparedness Starts with Planning

Participants walked away from the TTXs with strengthened confidence, actionable insights, and renewed urgency around preparation. Common lessons included:

The critical need for a written Incident Response Plan (IRP)
The role of cross-agency communication during a crisis
The importance of involving all stakeholders, not just IT

“1. Be prepared before an emergency happens. It is not a matter of if but of when.
2. Cybersecurity is not only for IT— the whole organization should be included.”

“Communication is key.”

“Go back and have discussions with my staff on where we currently stand regarding
preparation, readiness, and knowledge.”

The FirstLine Mission

FirstLine, Cyber Florida’s no-cost cybersecurity education and training program for Florida’s public sector, is designed to meet agencies where they are—literally. By delivering certified, scenario-based tabletop exercises across the state, FirstLine ensures that even the most resource-limited agencies can train, collaborate, and build resilience together.

The Summer 2025 TTX Road Trip exemplifies that mission in action: a practical, inclusive, and high-impact initiative supported by FEMA and FDEM through the Fortifying Florida program. As threats evolve, so will FirstLine, ensuring that Florida’s election infrastructure systems and public institutions remain a model of readiness and coordinated defense.

To learn more about FirstLine or request training for your agency, visit cyberflorida.org/training.

On the Road with FirstLine: Summer 2025Jennifer Kleman2025-07-29T14:04:49-04:00

Career Launch Series: From SOCAP to Google
Career Launch Series: From SOCAP to Google

Career Launch Series: From SOCAP to Google

How One Apprentice Found His Footing in Offensive Security

When Yousef Blassy steps off the packed New York City subway each morning and walks into Google’s Manhattan offices, he’s stepping into a dream that started with curiosity, a willingness to take risks, and a foundational cybersecurity training program called SOCAP.

Today, Yousef works as an offensive security consultant at Google, placing him squarely on the front lines of one of the world’s most sophisticated tech environments. But a short time ago, he was a student in Cyber Florida’s SOCAP (Security Operations Center Apprentice Program), learning the ropes of a rapidly evolving field.

A Day in the Life at Google

As part of Google’s security consulting team, Yousef dives into complex client environments, actively hunting for vulnerabilities, testing system defenses, and identifying potential weak points before malicious actors do. When he’s not in the thick of an engagement, he’s contributing to team projects, conducting research, or sharpening his skills through continuous learning.

The work is fast-paced and mentally demanding, but Yousef is exactly where he wants to be. He credits SOCAP for helping him get there.

The SOCAP Experience: More Than Just Training

“Penetration test reports can be long and time-consuming,” he explained. “The technical writing I did in SOCAP—writing detailed tickets and documentation—directly prepared me for the type of communication required in my current role.”

Beyond writing skills, SOCAP provided a crucial launching pad for his red-teaming ambitions. While others might gravitate toward blue team roles, Yousef knew early on he was drawn to the offensive side of security. SOCAP didn’t just allow him to explore that interest; it actively supported it, even providing a voucher for the Practical Junior Penetration Tester (PJPT) certification.

Passing the PJPT wasn’t just a personal milestone; it proved to be a key differentiator during his interview process with Google.

From Apprentice to Consultant: Navigating the Transition

Still, the shift from a learning environment to full-time consulting wasn’t without its challenges. “The biggest adjustment,” Yousef says, “was the need for on-the-spot learning and problem-solving.”

As an apprentice, support was always close at hand. But in the world of security consulting, especially on solo engagements, the expectations are different. “There’s less handholding,” he explains. “You’re expected to deliver tangible results by the end of your engagement, even if the findings are minimal.”

That kind of independence requires technical chops, confidence, adaptability, and the mindset to treat every challenge as an opportunity to grow.

Advice for the Next Generation

Yousef doesn’t mince words when advising current SOCAP students: “Don’t be shy and actively seek out work you might feel unprepared for.”

He knows firsthand that some of the best learning happens outside your comfort zone. “It’s often all in your head. You are capable. And if you hit a wall, remember—whatever issue you’re facing, someone online has likely already solved it.”

Looking back, he wishes he had taken more initiative during the program. Whether it was participating in free Capture the Flag (CTF) competitions or attending local cybersecurity conferences, he sees now that those moments outside the classroom are just as vital to growth as the formal curriculum.

Looking Ahead

Yousef isn’t slowing down anytime soon. He sees his future rooted in cloud security, with a focus on becoming an increasingly skilled and impactful consultant. Next on his horizon? The Offensive Security Certified Professional (OSCP) certification is a notoriously challenging credential that he hopes to complete by the end of the year.

He’s also keen to give back. You can follow his journey or connect with him on LinkedIn, where he shares updates, thoughts, and resources for fellow cybersecurity professionals and students.

Beyond the Code

Of course, life at Google isn’t all about firewalls and exploits. Sometimes, it’s about grabbing a $1.50 slice of pizza to get through a long shift. And sometimes, it’s about a deeper lesson that has nothing to do with security tools or certifications.

For Yousef, that unexpected insight came in the form of spiritual clarity: “Have trust in God’s plan, for He is the best of planners.”

Yousef’s story is proof that cybersecurity careers aren’t born—they’re built, step by step, with curiosity, hard work, and the courage to take on what you think you’re not ready for. From SOCAP to Google, he’s forged a path that many aspire to—and he’s just getting started.

Career Launch Series: From SOCAP to GoogleJennifer Kleman2025-08-22T08:06:56-04:00

Kurt Sanger — Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of Mad Men Hats
Kurt Sanger — Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of Mad Men Hats

Kurt Sanger — Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of Mad Men Hats

No Password Required Podcast Episode 62 — Kurt Sanger

Kurt Sanger —Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of Mad Men Hats

Kurt Sanger —Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of Mad Men Hats
On this episode, hosts Jack Clabby, of Carlton Fields, P.A., and Kayley Melton, Executive Director of Operations at the Cognitive Security Institute, sit down with Kurt Sanger—a seasoned cyber law leader and former Deputy General Counsel at U.S. Cyber Command.
Kurt, who now advised clients at Buchanan Ingersoll & Rooney, reflects on his 23+ years in the U.S. Marine Corps and how the adrenaline of cyber operations and policy has translated into the private sector, where he now helps clients navigate legal risk in an increasingly tech-driven world. He opens up about the difference between the proactive pace of military cyber law and the more reactive nature of corporate advisory work—and why that shift surprised him.

He also shares how moving to the Tampa Bay area shattered his assumptions about where cyber talent lives, explaining why it’s one of the most vibrant and underrated cybersecurity communities in the country. From quoting The Godfather on nation-state threats to challenging the 10,000-hour mastery rule, Kurt gives us an honest look at the evolving cyber legal landscape—and what it means for newcomers entering the field.

In the Lifestyle Polygraph segment, Kurt settles the ultimate Chicago food debate and declares a clear winner among the Windy City’s top three treats (will he choose the casserole masquerading as pizza?). He also explains his appreciation for the stylish hats of Mad Men that he believes should make a comeback and turns the tables with a Tampa-themed question for Jack.

https://www.linkedin.com/in/kurt-sanger-311970115/

Kurt Sanger — Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of Mad Men HatsRex Wilson2025-07-29T13:02:33-04:00

Cell Phone Privacy and Unwanted Access Informational Guide
Cell Phone Privacy and Unwanted Access Informational Guide

Cell Phone Privacy and Unwanted Access Informational Guide

In today’s digital world, mobile phones are more than just phones. They are our personal secretaries. They manage our schedules, store our health and insurance information, act as our bank and workstations, and encapsulate our entire social lives through apps, photos, videos, and voice messages.

This informational report discusses cell phone privacy and how to prevent unwanted access, or in other words, when “a person gains logical or physical access without permission to a network system, application, data, or other resources. With real-world examples, reputable statistics, and a step-by-by-step guide for both iOS and Android devices, this report serves to help mobile users of all levels stay informed and in control.

Guide created by the Cyber Florida Security Operations Center. Contributing Security Analysts: Waratchaya Luangphairin, Lara Radovanovic, Zahid Rahman

Cell Phone Privacy and Unwanted Access Informational GuideSarina Gandy2025-08-20T13:52:20-04:00

CyberBay Summit to Spark the Next Digital Defense Movement
CyberBay Summit to Spark the Next Digital Defense Movement

CyberBay Summit to Spark the Next Digital Defense Movement

Tampa Bay conference unites cybersecurity, AI, national security leaders

July 15, 2025—Tampa, Fla— CyberBay2025, a high-impact summit uniting the nation’s leading minds in cybersecurity, artificial intelligence, and national security, is launching in Tampa Bay this fall. The event will engage leaders in business, investment, education, and the military with a bold agenda focused on redefining the front lines of digital defense.

Set for October 13–15, 2025 at the Tampa Marriott Water Street, the event is hosted by Cyber Florida, University of South Florida (USF), The USF Bellini College of AI, Cybersecurity and Computing, USF Institute for AI+X, and Bellini Capital. Registration is now open at CyberBay.org.

“Tampa Bay is the hub of America’s cyber resilience. Established companies, startups, investors, educators, and the military are building a next-generation cybersecurity ecosystem that outpaces threats and serves as an economic engine for the country,” said Arnie Bellini, Managing Partner at Bellini Capital. “CyberBay 2025 will ignite innovation and action from classrooms to corporations to command centers.”

Content at the summit will mobilize a new era of cyber readiness capable of safeguarding infrastructure, protecting free enterprise, and defending digital borders. The agenda will focus on cybersecurity, AI+X, national security, the start-up/VC ecosystem, research and development, and education, talent recruitment, and retention.

In addition, a cybersecurity Capture the Flag competition will feature rising talent, and an AI and Cyber Talent Showcase will bring graduating students and job seekers together with leaders from Tampa’s tech industry.

Current speakers include:

Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency, combat veteran, cybersecurity pioneer
General (Ret.) Frank McKenzie, Executive Director, Cyber Florida at USF and the Global and National Security Institute, USF
Patrick McDaniel, Professor of Computer Sciences, University of Wisconsin–Madison
Arnie Bellini, Tech Entrepreneur & Managing Partner, Bellini Capital
Gayle Sheppard, Board of Directors, Nutanix
Elisa Bertino, Samuel D. Conte Distinguished Professor of Computer Science, Purdue University

Early bird ticket pricing is available until July 31, 2025.

Ticket	Early Bird Price	Regular Price after July 31
General Admission	$200	$250
Gov/Academia/Military/Nonprofit	$150	$200
Student	$20	$40

Sponsors for the event include ConnectSecure, ThreatLocker, and CyberFOX, among other Tampa institutions and cybersecurity organizations.

For sponsorship information, please contact Andrew Morgan at andrew@rightofboom.com.

Journalists interested in attending should contact Jennifer Kleman, APR, CPRC, Cyber Outreach Manager at Jennifer437@cyberflorida.org for a complimentary ticket.

About The University of South Florida (USF)
The University of South Florida is a top-ranked research university, serving approximately 50,000 students from across the globe at campuses in Tampa, St. Petersburg, Sarasota-Manatee and USF Health. USF is recognized by U.S. News & World Report as a top 50 public university and the best value in Florida. U.S. News also ranks the USF Health Morsani College of Medicine as the No. 1 medical school in Florida and in the highest tier nationwide. USF is a member of the Association of American Universities (AAU), a group that includes only the top 3% of universities in the U.S. With an all-time high of $738 million in research funding in 2024 and as a top 20 public university for producing U.S. patents, USF uses innovation to transform lives and shape a better future. The university generates an annual economic impact of more than $6 billion. USF’s Division I athletics teams compete in the American Athletic Conference. Learn more at www.usf.edu.

About USF Bellini College of AI, Cybersecurity and Computing
The Bellini College of AI, Cybersecurity and Computing at the University of South Florida is the first named college for AI, cybersecurity, and computing, dedicated to advancing education, research and ethical innovation. The College is designed to foster interdisciplinary innovation and technology development through strong industry and government partnerships, serving as a critical talent center for CyberBay and the cybersecurity sector as a whole.

About Cyber Florida at USF
The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to position Florida as a national leader in cybersecurity through comprehensive education, cutting-edge research, and extensive outreach. Cyber Florida leads various initiatives to inspire and educate current and future cybersecurity professionals, advance applied research, and enhance cybersecurity awareness and safety of individuals and organizations.

About USF Institute for Artificial Intelligence (AI+X)
The USF Institute for Artificial Intelligence (AI+X) is a university-wide research and education center for Artificial Intelligence. It conducts externally-funded research in Artificial Intelligence (AI) and associated areas (X = Healthcare, Medicine, Biology, Cybersecurity, Finance, Business, Manufacturing, Transportation), using a transdisciplinary approach across Neuroscience, Cognitive Science, and Computer Science, and work with industry to transition them into products that benefit humanity in an ethical and responsible manner.

About Bellini Capital
Deploying capital through a blend of seed investment and philanthropy, Bellini Capital is seeking to create an unbreakable ecosystem of cybersecurity innovation, talent development, and ecological stewardship. The firm was founded by technology entrepreneur, investor, and philanthropist, Arnie Bellini, and is based in Tampa, Florida (a.k.a. CyberBay).

Media contact:
Jennifer Kleman, APR, CPRC
Cyber Outreach Manage
Jennifer437@cyberflorida.org

CyberBay Summit to Spark the Next Digital Defense MovementJennifer Kleman2025-07-15T09:10:09-04:00

Student Spotlight: Louis Noble
Student Spotlight: Louis Noble

Student Spotlight: Louis Noble

Student: Louis Noble

School: Seminole Ridge Community High School

District: Palm Beach County

Meet Louis Noble! Louis is an outstanding cybersecurity student at Seminole Ridge Community High School in Palm Beach County. He consistently approaches every challenge with a commitment to excellence.

Starting as a self-taught programmer and cybersecurity enthusiast, Louis went on to complete AP Computer Science Principles and AP Computer Science A, while actively participating in the school’s IT program and standout cybersecurity class.

His interest in cybersecurity was first sparked through hands-on experience with a family mentor, whose encouragement inspired a lasting fascination with solving real-world cyber threats.

Today, Louis stands out as a dedicated learner—transforming curiosity into expertise and embracing every opportunity to drive innovation in the cybersecurity landscape. Cyber Florida is proud to recognize Louis’ inspiring journey in this vital field.

Do you teach a great student who should be featured in our Student Spotlight?
Please complete the form below!

Student Spotlight Submission Form

Student Spotlight: Louis NobleJennifer Kleman2025-07-11T08:58:05-04:00

Teacher Spotlight: Valerie Mays
Teacher Spotlight: Valerie Mays

Teacher Spotlight: Valerie Mays

Teacher: Valerie Mays

District: Palm Beach

Meet Valerie Mays, an awesome teacher at Palm Beach Lakes Community High School in Palm Beach County. With over 22 years of experience in education, she understands the growing importance of cybersecurity as technology evolves and threats become more complex.

Valerie’s approach focuses on preparing students to thrive in this dynamic landscape by equipping them with the skills and certifications needed to step confidently into emerging cyber roles, many of which are just being defined. She values the opportunity to connect learners with industry-relevant knowledge while nurturing their passion and potential.

Through her guidance, students are empowered to design innovative solutions, launch new initiatives, pursue meaningful careers in government or the private sector, and become transformative leaders in the ever-changing digital world.

Cyber Florida is proud to celebrate Valerie’s outstanding contributions to cybersecurity education.

Would you like to be featured in our Teacher Spotlight? To nominate yourself or another deserving teacher, complete the interest form below!

Teacher Spotlight Submission Form

Teacher Spotlight: Valerie MaysJennifer Kleman2025-07-10T13:13:29-04:00

Kathy Collins — From AOL to Award-Winning Cuisine to High-Stakes Hacking
Kathy Collins — From AOL to Award-Winning Cuisine to High-Stakes Hacking

Kathy Collins — From AOL to Award-Winning Cuisine to High-Stakes Hacking

Recorded live at the 2025 Sunshine Cyber Conference in Tampa, Jack Clabby of Carlton Fields, P.A., and resident cybersecurity expert Kayley Melton, Executive Director of Operations at the Cognitive Security Institute, sit down with Kathy Collins, Security Consultant at Secure Ideas. Kathy shares her extraordinary journey, which began at the AOL help desk, took a flavorful detour through award-winning kitchens, and ultimately landed in the high-stakes world of penetration testing.

Kathy explains how the intensity, precision, and discipline of her 15 years in fine dining prepared her for the unpredictable demands of cybersecurity. She recounts a particularly memorable physical pen test involving a rainy golf cart getaway—and a very unimpressed police officer.

The conversation highlights Kathy’s passion for community building through events like BSides Jacksonville, where she encourages newcomers to dive in and get involved. In the Lifestyle Polygraph segment, Kayley throws Kathy two horror-themed questions with bite: which movie soundtrack best scores a pen test, and which fictional villain she’d trust most on an engagement. Fava beans and a nice Chianti may follow a successful test.

https://www.linkedin.com/in/kathyvcollins/

Kathy Collins — From AOL to Award-Winning Cuisine to High-Stakes HackingRex Wilson2025-07-07T12:30:51-04:00

Deepfake Cyber Threats: Understanding the Risks of AI-Powered Fraud and Scams
Deepfake Cyber Threats: Understanding the Risks of AI-Powered Fraud and Scams

Deepfake Cyber Threats: Understanding the Risks of AI-Powered Fraud and Scams

I. Targeted Entities

Deepfake technologies pose a threat to a wide range of entities, including but not limited to:

Individuals / General Public
Politicians and Political Processes
Celebrities and Public Figures
Organizations and Corporations:

Senior Executives
Financial Sector

Government Officials and Agencies

II. Introduction and Key Treat Details

Introduction

Synthetic media generated by Artificial Intelligence (AI), commonly known as deepfakes, are rapidly multiplying and increasing in sophistication. We are currently witnessing a significant surge in deepfake incidents; for instance, there was a 257% rise in recorded incidents from 2023 to 2024, and the rest quarter of 2025 alone surpassed the total incidents of the previous year.

The potential impacts are severe and varied. These include substantial financial losses for organizations and individuals, as seen by the $25 million fraud at Arup, where executives were impersonated via deepfake video. Deepfakes are key in disinformation campaigns that erode public trust and can influence political outcomes, such as through fake calls targeting voters. Furthermore, the technology is used to create non-consensual explicit content and enhance the effectiveness of social engineering attacks.

As outlined in Section I, targets span from the general public and public gures to corporations (particularly in nance) and government entities. Addressing this emerging threat requires a multi-layered strategy. Organizations must implement robust cybersecurity policies, conduct continuous employee awareness training, deploy technical safeguards, and enforce strict verification protocols. Also, individuals need to develop media literacy, enhance personal data security, and be skeptical of certain online information. Ocial bodies, such as the FBI, are increasingly issuing warnings and guidance, indicating a move towards more collaborative defense.

Key Threat Details

Threat Type: The threat involves the malicious use of deepfakes, which are AI-generated synthetic media (audio, video, or images) carefully crafted to impersonate real individuals or fabricate events that never occurred. The primary technology empowering deepfakes is Generative Adversarial Networks (GANs). A GAN consists of two neural networks: a 'generator' that creates the fake content and a 'discriminator' that attempts to distinguish the fake content from authentic examples. Through an iterative, adversarial training process, the generator becomes progressively better at creating realistic fakes that can deceive the discriminator, and ultimately, human perception. This technology is leveraged by increasingly accessible software, with tools like Iperov's DeepFaceLab and FaceSwap, and services like Voice.ai, Mur.ai, and Elevenlabs.io for voice cloning.

Targets

Individuals (General Public): Targeted for fraud, non-consensual explicit content, and harassment.
Politicians and Political Processes: Disinformation campaigns, impersonation to influence elections, and reputational attacks.
Celebrities and Public Figures: Often targeted for non-consensual explicit content, endorsement scams, and reputational damage.
Organizations and Corporations:
- Senior Executives (CEOs, CFOs): Impersonated in financial fraud schemes.
Financial Sector: Targeted for large-scale fraud, market manipulation through disinformation, and undermining customer trust.
Government Officials and Agencies: Impersonated to obtain sensitive information, spread disinformation, or authorize fraudulent actions.

Impact

If successful, deepfake attacks can lead to:

Financial Fraud: Significant monetary losses through impersonation of executives or trusted parties to authorize fraudulent transactions (vishing).
Disinformation and Political Destabilization: Manipulation of public opinion, interference in elections, incitement of social unrest, and damage to democratic processes.
Reputational Harm: Severe damage to personal or corporate reputations through the creation and dissemination of non-consensual explicit material, defamatory statements, or fabricated incriminating evidence.
Social Engineering and Data Breaches: Gaining unauthorized access to sensitive systems or information by impersonating trusted individuals and deceiving employees.
Erosion of Trust: Diminished public trust in authentic media, institutions, and digital communication ("liar's dividend").
Operational Disruption: Business operations can be disrupted by disinformation campaigns or internal fraud incidents.

Contextual Info

Deepfake technology is accessible to a wide spectrum of malicious actors. This includes individual fraudsters, online harassers, organized criminal enterprises focused on financial gain, and potentially state-sponsored groups deploying deepfakes for complex disinformation campaigns and political interference.

Related Campaigns/Past Activity

The versatility of deepfakes is seen through various high-prole incidents:

The $25 million financial fraud at Arup, where attackers used deepfake video and audio to impersonate senior executives in a conference call, compelling an employee to make unauthorized transfers.
AI-generated calls impersonating U.S. President Joe Biden, which urged voters in New Hampshire not to participate in the primary election, representing a direct attempt at election interference.
The widespread creation and distribution of non-consensual explicit deepfake images of public gures like Taylor Swi, highlighting the potential for severe personal and reputational harm.

MITRE ATT&CK TTPs

T1566 Phishing: Deepfakes, especially audio (voice clones), are used in vishing (voice phishing) campaigns, aligning with sub-techniques like T1566.003 Spearphishing Voice.

T1591.002 Create/Modify Content: Deepfakes inherently involve creating or modifying content to deceive, related to broader information operations or influence campaigns.

IV. Recommendations

For Organizations

Policies:

Develop and enforce robust cybersecurity policies that address the risks of deepfake attacks. Integrate deepfake scenarios into incident response plans and conduct regular practice incidents.
Establish clear guidelines on the acceptable use of AI and synthetic media tools within the organization.

Awareness/Training:

Implement continuous security awareness training for all employees, leadership, and relevant third parties. Training should cover deepfake identification, the psychological tactics used by attackers (e.g., urgency, authority bias), and established reporting procedures.

Technical Safeguards:

Enforce strong Multi-Factor Authentication (MFA) across all systems and users, prioritizing stronger methods for critical access points.

Deploy AI-powered detection tools for high-risk communication channels (e.g., video conferencing, customer service calls).

Adopt a Zero Trust security architecture, assuming no user or device is inherently trustworthy without continuous verification.

Monitor for Virtual Camera Software in Logs: For live deepfake attacks, attackers may use virtual camera software like Open Broadcaster Software (OBS) to feed the manipulated video into the meeting application. If logging is enabled for platforms like Zoom or Microsoft Teams, security teams can review logs for camera device names. The presence of uncommon camera names like 'OBS Virtual Camera' can be a strong indicator of a deepfake attempt, since this software is not typically used by employees for standard meetings.

Verification and Controls:

Implement strict verification (e.g., phone call authentication) for any unusual or high-value requests, specifically those involving financial transfers, changes to payment details, or disclosure of sensitive information over digital channels.
- Implement "master passcodes" or challenge questions for authenticating identities during sensitive communications.
- Enforce dual approvals for significant decisions/transactions.

Preventative Measures:

Minimize the public availability of audiovisual material of executives/employees to limit training data for attackers.
Assess organizational susceptibility to deepfake attacks, identifying vulnerable processes and personnel.

For Individuals

Increase Media Literacy and Critical Thinking:

Approach online content with healthy skepticism. Question the authenticity of unexpected, sensational, or emotionally manipulative videos, audio messages, or images.
Always consider the source of information. Verify claims through multiple reputable sources before accepting them as true.

Recognize Potential Red Flags:

Be aware of common visual indicators such as unnatural eye movements, mismatched lighting, a face that flickers when an object passes in front of it, or an unwillingness from the person to show their side prole. For audio, listen for robotic cadence, unnatural pitch, or lack of emotional inection. 17 However, understand that sophisticated deepfakes may not exhibit obvious aws.

Protect Personal Data:

Review and tighten privacy settings on all social media accounts to limit public access to personal images, videos, and information.
Be mindful of the amount of personal audiovisual data shared online.

Verify and Report:

If you receive a suspicious or urgent request, even if it appears to be from a known contact, verify it through a separate, trusted communication channel (e.g., call a known phone number).
Report suspected deepfakes immediately to the platform where they are hosted. If the deepfake is being used for malicious purposes (e.g., fraud, harassment, defamation, non-consensual explicit content), report it to law enforcement agencies.

VII. References

Works cited

Deepfake statistics 2025: how frequently are celebrities targeted?, accessed June 7, 2025, hps://surfshark.com/research/study/deepfake-statistics

Cybercrime: Lessons learned from a $25m deepfake attack | World …, accessed June 7, 2025, hps://www.weforum.org/stories/2025/02/deepfake-ai-cybercrime-arup/

Understanding the Hidden Costs of Deepfake Fraud in Finance – Reality Defender, accessed June 7, 2025, hps://www.realitydefender.com/insights/understanding-the-hidden-costs-of-de epfake-fraud-in-nance

Top 5 Cases of AI Deepfake Fraud From 2024 Exposed | Blog – Incode, accessed June 7, 2025, hps://incode.com/blog/top-5-cases-of-ai-deepfake-fraud-from-2024-exposed/

Gauging the AI Threat to Free and Fair Elections | Brennan Center for Justice, accessed June 7, 2025, hps://www.brennancenter.org/our-work/analysis-opinion/gauging-ai-threat-free-and-fair-elections

FBI warns of fake texts, deepfake calls impersonating senior U.S. …, accessed June 7, 2025, hps://cyberscoop.com/i-warns-of-ai-deepfake-phishing-impersonating-gove rnment-ocials/

Top 10 Terrifying Deepfake Examples – Arya.ai, accessed June 7, 2025, hps://arya.ai/blog/top-deepfake-incidents

Deepfake threats to companies – KPMG International, accessed June 7, 2025,hps://kpmg.com/xx/en/our-insights/risk-and-regulation/deepfake-threats.html

Cybercrime Trends: Social Engineering via Deepfakes | Lumi Cybersecurity, accessed June 7, 2025,hps://www.lumicyber.com/blog/cybercrime-trends-social-engineering-via-dee pfakes/

Investigation nds social media companies help enable explicit deepfakes with ads for AI tools – CBS News, accessed June 7, 2025, hps://www.cbsnews.com/video/investigation-nds-social-media-companies-he lp-enable-explicit-deepfakes-with-ads-for-ai-tools/

How to Mitigate Deepfake Threats: A Security Awareness Guide – TitanHQ, accessed June 7, 2025, hps://www.titanhq.com/security-awareness-training/guide-mitigate-deepfakes/

Deepfake Defense: Your Shield Against Digital Deceit | McAfee AI Hub, accessed June 7, 2025, hps://www.mcafee.com/ai/news/deepfake-defense-your-8-step-shield-against-digital-deceit/

FBI Warns of Deepfake Messages Impersonating Senior Ocials …, accessed, June 7, 2025, hps://www.securityweek.com/i-warns-of-deepfake-messages-impersonating -senior-ocials/

FBI Alert of Malicious Campaign Impersonating U.S. Ocials Points to the Urgent Need for Identity Verication – BlackCloak | Protect Your Digital Life™, accessed June 7, 2025, hps://blackcloak.io/i-alert-of-malicious-campaign-impersonating-u-s-ocials -points-to-the-urgent-need-for-identity-verication/

AI's Role in Deepfake Countermeasures and Detection Essentials from Tonex, Inc. | NICCS, accessed June 7, 2025, hps://niccs.cisa.gov/training/catalog/tonex/ais-role-deepfake-countermeasures-and-detection-essentials

What is a Deepfake Aack? | CrowdStrike, accessed June 7, 2025, hps://www.crowdstrike.com/en-us/cybersecurity-101/social-engineering/deepfa ke-aack/

Determine Credibility (Evaluating): Deepfakes – Milner Library Guides, accessed June 7, 2025, hps://guides.library.illinoisstate.edu/evaluating/deepfakes

Understanding the Impact of Deepfake Technology – HP.com, accessed June 7, 2025, hps://www.hp.com/hk-en/shop/tech-takes/post/understanding-impact-deepfak e-technology

19.Deepfakes: Denition, Types & Key Examples – SentinelOne, accessed June 7, 2025, hps://www.sentinelone.com/cybersecurity-101/cybersecurity/deepfakes/

en.wikipedia.org, accessed June 7, 2025, hps://en.wikipedia.org/wiki/Deepfake#:~:text=While%20the%20act%20of%20cr eating,generative%20adversarial%20networks%20(GANs).

What are deepfakes? – Malwarebytes, accessed June 7, 2025, hps://www.malwarebytes.com/cybersecurity/basics/deepfakes

Complete Guide to Generative Adversarial Network (GAN) – Carmatec, accessed June 7, 2025, hps://www.carmatec.com/blog/complete-guide-to-generative-adversarial-netw ork-gan/

How to Get Started with GANs: A Step-by-Step Tutorial – Draw My Text – Text-to-Image AI Generator, accessed June 7, 2025, hps://drawmytext.com/how-to-get-started-with-gans-a-step-by-step-tutorial/

Detection of AI Deepfake and Fraud in Online Payments Using GAN-Based Models – arXiv, accessed June 7, 2025, hps://arxiv.org/pdf/2501.07033

What is a GAN? – Generative Adversarial Networks Explained – AWS, accessed June 7, 2025, hps://aws.amazon.com/what-is/gan/

Overview of GAN Structure | Machine Learning – Google for Developers,accessed June 7, 2025, hps://developers.google.com/machine-learning/gan/gan_structure

Unlocking the Power of GAN Architecture Diagram: A Comprehensive Guide for Developers, accessed June 7, 2025, hps://www.byteplus.com/en/topic/110690

We Looked at 78 Election Deepfakes. Political Misinformation Is Not an AI Problem., accessed June 7, 2025, hps://knightcolumbia.org/blog/we-looked-at-78-election-deepfakes-political-m isinformation-is-not-an-ai-problem

What is a deepfake? – Internet Maers, accessed June 7, 2025, hps://www.internetmaers.org/resources/what-is-a-deepfake/

Don't Be Fooled: 5 Strategies to Defeat Deepfake Fraud – Facia.ai, accessed June 7, 2025, hps://facia.ai/blog/dont-be-fooled-5-strategies-to-defeat-deepfake-fraud/

Top 10 AI Deepfake Detection Tools to Combat Digital Deception in 2025 SOCRadar, accessed June 7, 2025, hps://socradar.io/top-10-ai-deepfake-detection-tools-2025/

How to Spot Deepfakes – Fake News – Dr. Martin Luther King, Jr. Library at San José State University Library, accessed June 7, 2025, hps://library.sjsu.edu/fake-news/deepfakes

Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: Derek Kravetsky

Deepfake Cyber Threats: Understanding the Risks of AI-Powered Fraud and ScamsSarina Gandy2025-07-02T09:38:08-04:00

Career Launch Series: From Apprentice to Advisor
Career Launch Series: From Apprentice to Advisor

Career Launch Series: From Apprentice to Advisor

How Cyber Florida’s SOCAP Helped Erika Delvalle Launch Her Cybersecurity Career

When Erika Delvalle crossed the stage to receive her diploma from the University of South Florida in December, she wasn’t just closing a chapter; she was already deep into the next one. Now a full-time cybersecurity advisor at Rapid7, Erika helps organizations strengthen their security postures using tools like InsightIDR and InsightVM. However, she credits much of her early success to the experience and exposure she gained through Cyber Florida’s SOCAP (Security Operations Center Apprenticeship Program).

Real-World Skills, Real-World Confidence

SOCAP gave Erika more than just a preview of what life in cybersecurity could look like; it gave her a running start. During her time in the program, Erika helped write and distribute monthly threat hunting reports to government agencies, gaining valuable experience in technical analysis and professional communication.

“That experience gave me the confidence to write full reports and share them with external partners,” she recalled. “That was the moment I felt ready for the real world. It showed me I could handle the technical side and clearly explain what I found.”

She also became familiar with industry-standard tools like Splunk, CrowdStrike, and Recorded Future—knowledge that has translated directly into her current role.

“Much of what I do now is rooted in what I learned in SOCAP. The hands-on practice helped me hit the ground running.”

A Day in the Life at Rapid7

In her new role at Rapid7, no two days are the same. Erika works closely with clients to ensure they understand how to get the most out of their security tools while staying on top of constant product updates and industry developments.

“I spend a lot of time answering questions, helping clients troubleshoot, and collaborating with our SOC team to resolve any concerns,” she said. “There’s also a lot of learning—our tools evolve quickly, and I’ve had to develop strategies to keep up.”

Erika said she uses many methods to stay current, including watching videos, reading documentation, asking coworkers, and simply following her curiosity.

Building a Strong Foundation

While many of the incidents she deals with—such as phishing attempts or user authentication issues—may seem routine, Erika knows how critical the fundamentals are.

“Most challenges I see are about getting the basics right,” she said. “Things like user awareness, multi-factor authentication, and general security hygiene go a long way. My job is to help clients improve those areas and get more out of the tools they’re using.”

SOCAP’s emphasis on foundational skills made that transition smoother.

“If there’s one thing I wish I had done differently,” she reflected, “it’s diving deeper into the tools we had access to. There’s so much more under the surface, and those extra layers of understanding would be even more useful now.”

Advice for the Next Generation

To current SOCAP students and aspiring cybersecurity professionals, Erika offers practical advice: keep an open mind.

“Say yes to new opportunities even if they aren’t your dream job right away,” she said. “Everything teaches you something. Use outside resources like CTFs, certifications, or conferences to determine what you enjoy.”

And don’t underestimate the human side of the job.

“One thing that surprised me was how important it is to build personal connections. Before we dive into technical problems, we always check in and ask how the client’s day is going. It sets the tone.”

Looking Ahead

Erika sees herself continuing to grow within the blue team, focused on defense, incident response, and helping others understand the value of strong security practices. She’s also eyeing certifications from CISA and SANS as part of her professional development.

“I feel good about where I’m at, but there’s always room to grow,” she said. “I’d like to eventually move into a more technical SOC or support role and keep impacting that way.”

Life Outside the SOC

When she’s not helping organizations defend against cyber threats, Erika finds a different kind of freedom on two wheels.

“I got into motorcycles last summer after seeing a bunch of videos in my feed,” she said with a laugh. “It’s such a fun and relaxing way to take a break from work. Plus, it’s a great excuse to explore Florida and find new food spots.”

Erika Delvalle’s journey—from SOCAP apprentice to trusted cybersecurity advisor—is a testament to the power of experiential learning and the importance of mentorship, tools, and real-world practice. Her story is a shining example of how Cyber Florida’s mission to develop a skilled cyber workforce is making a tangible difference, one career at a time.

Career Launch Series: From Apprentice to AdvisorJennifer Kleman2025-07-01T11:23:19-04:00