CISO to CISO with Ben Hagen, Cruise

"Security is not the problem of the security team. It should be a shared ownership across the org."

About Ben Hagen

Ben Hagen is the director of security at Cruise Automation. He's also served in security leadership roles at Netflix, Facebook, and Salesforce. In addition, he's played major security roles in the Obama campaigns. We've got some great items to talk about!

Watch the Video, Read & Listen to the Transcript or Subscribe to the Podcast!

Watch the Video

Read & Listen to the Transcript

Apr_8_2020-BenHagen_CisoToCisoPodcast.mp3 transcript powered by Sonix—easily convert your audio to text with Sonix.

Apr_8_2020-BenHagen_CisoToCisoPodcast.mp3 was automatically transcribed by Sonix with the latest audio-to-text algorithms. This transcript may contain errors. Sonix is the best audio automated transcription service in 2020. Our automated transcription algorithms works with many of the popular audio file formats.

Michael Coates:
Welcome, everyone. My name is Michael Cotes, I'm the CEO and co-founder of Altitude Networks. This is another edition of CISO to CISO. I'm here as a former CISO, had spent my time at Twitter and also Mozilla, and we have Ben Hagen with us today. Ben has a full and lengthy background of security leadership. I'll touch on a few things and Ben then please introduce yourself. But running security elements that Cruise has been at Facebook at Salesforce was at Netflix for many years, and then even more experience throughout the Midwest before that in a variety of security roles. So this is going to be super interesting. I'm really excited. Ben, thanks so much for spending time with us.

Ben Hagen:
Of course. My pleasure.

Michael Coates:
So as we talk about the wonderful world of security, one of the things I think is fascinating is that it's just such a challenging role, such a challenging world, and it's very different in every situation. What was your security journey? How did you end up where you are today, leading security at these amazing tech companies? How did you how did you get there?

Ben Hagen:
Yeah, it's been a long road. Counting way back, I think I graduated college from a master's program in 2005 and I've been working in the field of security ever since then. But I would say my interest goes way back before that as well, where, you know, I think my my family was very fortunate to, I think, get our first kind of desktop computer in the mid eighties. And, you know, back in the day, you couldn't use a computer without understanding computers in some way, shape or form, even as a young kid wanting to play video games, having to deal with like memory optimizers and config files and like rebooting to like clean environments to just be able to play the game that you want to play, I think taught me a lot about computers and kind of, I think, seeded that interest in how computers work and where they go from there, moving through, you know, moving into adulthood. I became more interested in some pretty kind of esoteric computer areas, like in the late 80s and early 90s. The demo scene was a big thing where people were basically writing assembly code to try and make computers do amazing things, like lots of graphics and audio and that kind of stuff. And that was wizardry that I wanted to understand and started playing around with. I had an older brother who actually went to school for computer science, and his experience that he passed on to me kind of soured me on the aspect of going through undergraduate with a computer related field that just didn't seem like the education that I wanted to get at the time.

Ben Hagen:
So I actually went through an undergrad program in Political Science and Mandarin Chinese, which was a really interesting opportunity to to get away from technology and focus on other things that I'm passionate about. But when it came time to find a job after graduation, I immediately kind of picked up an opportunity to continue my education through graduate school into a field at Iowa State University, a degree called Information Assurance, which is basically computer security. And in other words, that led me into where we first met working at Motorola right after graduation at the headquarters in Schaumburg, Illinois, starting at a starting in the security operation center for Motorola, which I always describe to people as very war games. Like we worked in a big theater atmosphere with like big screens, with maps on them, big kind of big red circles on things to kind of know to where problem spots are, that kind of thing. And eventually progressed into security consulting both at Motorola and then at a comp any called Neohapsis, which has since been acquired by Cisco, I believe, was doing kind of the typical security consultant work of penetration tests, web application assistance, security reviews, those kind of things.

Ben Hagen:
When I had a really interesting opportunity to branch out of that world and joined the Obama re-election campaign in 2012, I always say that I was the kind of head of security there. In fact, I was the only security full time hired there. So I was the head and the full team of security. And it was a really interesting experience for me, a really interesting environment that we can dig into later if people are interested, but really gave me an opportunity to kind of branch out to what security looks like at a functioning organization and how you can build it into that organization. After that opportunity, I kind of opened my world to a bunch of other work, made the move out to the West Coast to work at Netflix during the campaign. I got experience working within AWS for the first time and really wanted to focus on that with my next career step and had the great opportunity to go to Netflix, which was, I think, one of the pioneers in terms of understanding public security and what it means to have like a massive deployment in a in a public cloud architecture. Spent about four years there before taking an opportunity at Salesforce to leave their infrastructure assurance team and then bid my way through a bunch of other companies as well from Salesforce. I went to Facebook and worked on as head of their corporate security and offence and security teams for a while until it's brought me to where I currently at, Cruise, where we are working on kind of perfecting autonomous vehicle technology and trying to use it to the benefit of communities around.

Michael Coates:
So it's so interesting that you mention tinkering with computers in order to play games as an entry point, that's I say the exact same thing. That was my motivation as well. And perhaps that was the indicator of an area where the computers did just enough if you made them get there and forced us to to learn how to do it for the sole purpose of playing video games so we can credit everything back to video games.

Ben Hagen:
I think it really teaches you some of the fundamentals that I think are useful in security, like understanding some of those basics of like how to how to operate. Since operating systems work at a very functional level, what you can do to work in that environment. And of course, I think all kids get into, you know, pirating games and that kind of thing at some point. And like, how do you remove copy protection and what does debugging look like? And eventually you go down a rabbit hole. That is a pretty direct shot at security, I think.

Michael Coates:
Mm hmm. Yeah, I recall finding that in middle school when the networks started to exist at a school and then they put controls in place like, well, why can't I do this anymore? And then again, the rat hole, just like you said.

Ben Hagen:
Absolutely.

Michael Coates:
So you've been both at war game central at Motorola and then on the other end you're building self-driving cars and securing them. So you've lived the sci fi world that we thought would exist one day and in the middle helped lead security for a campaign that's got to be like totally different worlds, the campaign world and high tech world. What are the differences look like? How do you how do you be successful? Do you find them to be different, different styles, techniques, challenges?

Ben Hagen:
Yeah, I think there's there's certainly a lot of important differences, I think. But there's actually a lot of alignment to now where, you know, most especially campaigns that are at a large scale, which would be most of the presidential campaigns. They operate like a fast moving startup does in many, many ways. The big difference being that technology is not the product there. It's a supporting function to kind of further the mission of a campaign which is pretty directly to to get somebody elected and to get them to win an election. So I think you need to kind of you need to build a strong communication skills to help people understand what what is the what's the payoff for the investment in something like security or technology that will actually help this mission be driven forward. And that actually, I think, prepared me to get into kind of the technology company of Silicon Valley in a surprisingly good way, where, like the fast paced atmosphere of a of a presidential campaign is actually, you know, in many ways, I would say faster than most Silicon Valley startup companies. You need to pivot on a dime. According to the news of the day. You need to, can entire technical projects just because of the direction that something is going and be flexible in terms of what you're doing day to day, the schedules that a campaign are increasingly time consuming. So you might start off with the same schedule a couple of months away from an election.

Ben Hagen:
But as you get closer turns into 12 hour days, seven day weeks, that kind of world. And that's not that's not terribly different than people who are passionate and working at a startup. So at least from an exhaustion perspective, I think there are a lot of similarity, similarities there that focus on technology and a startup is helpful. I think it's a shortcut to kind of making quick decisions with technology and understanding what investments will pay off in that kind of thing. From a security perspective, I think that, you know, within companies, you generally have to work very hard to validate investment in security. And it's a persistent problem in our industry to describe why somebody should build a security team or why they should pay for this product that you think will make things better, or why is it going to take six months to implement X, Y, Z security program. And that that ability to communicate over to leadership why, why investment is worthwhile is incredibly important at a campaign. Generally, you make that argument once or twice to leadership and say, hey, if this campaign has a major security event, people won't vote for us because, you know, it's a pretty clear direct link there. And from then on, you have some some amount of support. And ideally, you have the support to work in the way that you need to work to make things better.

Ben Hagen:
But it's not as continuous a case, I think, until you need time from other people. And then you always need to make that justification for trade off between people's time and improving security in that kind of thing. I think those are skills and situations we run and run into no matter what industry you're in and what kind of company. Silicon Valley is interesting just because I think there's a much more willing appetite to invest in security in kind of the Bay Area that more generically like the technology focused world. And I think that appetite one, I mean, you get much larger security investments in terms of people. We have larger teams with more specialization, more more time on their hands, and you can do more interesting things with it. But I've always found it surprising what you can do with a small amount of people who are focused and talented and able to work within the problems of the system. They have to have an impact. I'm not sure if that's the answer to your question, but I think it's surprisingly similar, actually. But I would say the dollar figures are certainly different from an investment perspective. And often the scope and kind of work you're doing is different just because of the threat. The threat model is different between the campaign and the business. But, you know, as recent news has taught us, campaigns are becoming a much more interesting security world as well.

Michael Coates:
Yeah, I think to that point, I mean, with the threat as being different, you also have what appears to be a pretty dramatically different, I wouldn't say employee base, but users or maybe the employees, the organization is sort of different. Did you run into challenges where I mean, at company you have a little bit of power to say this shall be the way. Did you run into challenges with the campaign being, well, there's volunteers and then there's a sort of transient access and pseudo employee relationship. Was that challenging?

Ben Hagen:
Yeah, for sure. And just to give some maybe numbers to that, for perspective, I think when I joined the campaign, we had maybe 40 to 60 full time employees, and that ramps up over about a year or two or just over a year, depending on the particular year. But that ramps up to around eight nine hundred a thousand essentially full time employees. And then a volunteer base that far outpaces that from a numbers perspective. And most of the people working there are not what you would call technology savvy, like they're they're on a mission. They often have a specialty around politics or elections and aren't necessarily familiar with best practices around security. So there's a bit of education there. But more importantly, I think it's setting people up for success and putting the same boundaries in place to just not let things go off the rails in terms of, you know what, people have access to you, what kind of freedom you give people to make decisions around security, you have to be a little more pragmatic around that approach than you would at a company whose core business is security related.

Michael Coates:
And it really gets back to that challenge of, of people. I can only imagine how difficult that must be to to make everyone productive in all those environments, to meet them at their technical level and still have that secure by default appropriate level of control. So you've seen you've seen security in different lights. You've been connected to the industry obviously for a number of years with the B sides, with pizza hacker, with a variety of other channels and outreach. Do you think I mean, we're a bit of a dramatic bunch in security. Do you think there's an area where where where are we missing the mark where we overhyping something or maybe missing something under investing in it? If you have kind of a magic wand, you're going to make this world better in security. What where would you point that?

Ben Hagen:
Yeah, absolutely. I think, you know, one of the missions I've had in my career as as I think I've gotten more experience and been able to talk to more people, is that I think there's an over-investment, at least in the security, culture and industry and in what I would call like the fetish of exploits, like there's a lot of time and attention spent publicizing problems. And it's not to minimize the value there. Like, obviously finding problems is a key way to know how to make things better. But I think it gets an outside amount of attention. And I think a lot of that is actually the fault of the security industry. Right. When you go to DEF CON or other big conferences, you know, the talks that attract the most people are going to be the ones that are like, I hacked an ATM or I've got this new exploit on iOS or something like that.

Ben Hagen:
And the toxin and kind of content around defense is much less, I would say, sexy in a direct way and gets, I think, less attention than it deserves. And I do truly feel that, you know, security holistically as a problem is one that we can only solve through community within the industry. And like talking about what's been working and innovations and making things better and how you approach problems is the only way for us to kind of stop the churn. The number of companies I've worked out that have like vulnerability management programs that don't work the way they should is it's basically all of them. Right. And we should be able to do better than that as an industry that's been trying to solve this problem now for 20, 30 years, probably we haven't made progress and a lot of fundamental problems from a defensive perspective. And I think a lot of that is kind of a resistance to talk about problems and solutions and to be more open with how you approach things. So I think those two work together, unfortunately, in a little bit of a stagnation pattern where, you know, until we're willing to give the same time and attention to protected concepts and best practices as we do to hot new exploits, and until we're willing to be open and free to talk about that company to company or organization or organization, I think we're still we're still kind of holding us back a little bit.

Michael Coates:
Yeah, and I totally agree, I've shared with teams of my own in the past, like, all right, it might be interesting for us to go, but are we going to learn anything if we know the latest way to hack a toaster? Like, how do I bring that into the company? There's certainly merits for continued academic research or even pushing the boundaries to disprove those horrible claims by vendors of this is hack proof. And we don't need to think about it. But I'm totally with you. Like, I want defensive conferences. And man, I've said so many times, like, you know, what's sexy for a CISO, like the most boring things like access control, like the fundamental problems, just doing those things at scale because it's such an aspirational, inventory, the super boring but actually. Yeah. You can't do anything without the basics underneath.

Ben Hagen:
And I think the good news is like there are like I've been a huge fan of the B sides conference in San Francisco for the last couple of years. It's gotten much bigger and much better from like a content perspective. And same thing with other other kind of groups are trying to make this better. Right. And I think, you know, you and I were both involved in APPSEC USA, OWASP a couple of years back. You were a big part of the OWASP organization which is focused on some of these challenges. Those kind of groups, I think are a great way to take out maybe take some of the bigger baby steps we as an industry can take to focus on this kind of thing. But I don't think we'll ever replace kind of the interpersonal communications and networks that we both build. We all build within within the industry to just one on one talk about problems and solutions. And, you know, not you know, unfortunately, there's a lot of kind of legal restrictions that are placed upon people. And I think the only way to be able to talk about things that maybe your company isn't excited for you to talk about is to do it a little bit more interpersonally, right. To talk one on one with people that you trust and that circle of trust becomes important. But hopefully we can widen that circle as we kind of grow the industry and as things get more, more complicated and more dangerous.

Michael Coates:
Yeah, thanks for doing very much. That right here with the large audience on the call. And the Inter-web in general when we publish this.

Ben Hagen:
Absolutely.

Michael Coates:
So shifting gears a little bit, the other fun thing about security is that what is true today will change next week in six months. What we need to think about we hadn't thought about before. The architectures have changed so much, and I think we're living through this example of massive sudden shift to work from home, the notion of BYOD is probably been doubled down on even unexpectedly. We have outsourced personnel. And then to throw in yet another thing, the shift to cloud with infrastructure and SAAS, how do you reconcile all of these changes from a security strategy? How do you keep up without destroying our hair on fire?

Ben Hagen:
I mean, I think sometimes are all of our hair catches on fire at some point, but, yeah you've got a certain strategy to take care of that problem, I think. I think there's a couple key things that I look for in terms of willingness from the company when I consider opportunities there. And, you know, I think at a at a very core level, I'd like there to be an understanding that security is not the problem with the security. It's it's a company wide problem. And there's needs to be ownership and responsibility distributed across the organization to make that better. And I don't think that minimizes the challenge or role of a security organization, but it shifts it subtly where I think security needs to become an enabler as opposed to a blocker whenever possible. And from like an intentional perspective, building out, you know, the terms we use these days are like guardrails or paved roads, basically to to make security easy for people to do. Right. And that's really another another thing that we've done really poorly over over time is making security consumable by not only consumers, but I would say like employees at a company, and focusing on strategies that build out kind of foundational security controls that are easy for people to understand and consume, I think enables you to give them a little more trust and own a little more of their own world for a security perspective. And that lets your team have kind of a more distributed impact throughout the organization.

Ben Hagen:
And I think the same thing holds true for a lot of the challenges you mentioned. Right. Bring your own device and outsourcing functions to other companies or other countries, that kind of thing. Both of those I would relate back to kind of the acceptance of risk. And if people are making poor decisions, they're generally not being held accountable for making a good decision or at risk. And I think that also involves decisions around impact to the rest of the company. And one thing I try and help people understand, the companies I work in is certainly outsourcing something to another company or country makes financial sense and can help things move quickly. But we need to make sure that calculation is correct. And part of that calculation needs to be know what is the impact from a risk perspective? What is the impact from a time perspective on teams that need to support these kind of organizations in this kind of work? What does that cost truly? Because it's not a dollar figure you pay a company. It's actually also expense internally to support that kind of work and to accept that kind of risk. Same thing for bring your own device. And I think, thankfully, the technical solutions from phone providers specifically or from creator and phone operating system creators, I think are becoming more flexible. I know both like Android and iOS have some functionality to kind of partition things in the same way.

Ben Hagen:
But ultimately you need to learn to trust your employees in some way, shape or form to have sensitive material on a personal device. And sure, you can have MDM or management or different controls on that to make it better. But ultimately it's still a risk calculation and you're intentionally like accepting some of that risk to let people use that device. Hopefully the technical solutions mature in a direction that makes that less of a concern for employees, because most employees are also concerned about their employer having access to their personal device. And likewise, it becomes an easier decision from a work perspective, because you have seen partitioning where if a company comes whilst you can, you know, at least you can wipe the work side of that phone or at least you have some sane ability to recover from a disastrous situation like that. Ultimately, I think these all relate back to kind of conversations and having some of those key foundations in place, going back to hygene like asset management, inventory, patch management, those kind of things only become more difficult in these worlds. And really investing to make that a slick story for your your organization becomes a huge payoff, I think, and enables you as a security organization to do a lot of the things you want to do much, much easier and at a bigger scale.

Michael Coates:
Yeah, I mean, great, great thoughts all around, I think the accountability one is one that doesn't get enough discussion because you said it precisely like security is not the problem of the security team. If the security team has to be accountable for all security breaches, then we have to have like God mode on all decisions, which is a ridiculous business model. Yeah, I've seen companies that struggle like they let VPs make decisions to overrule security but don't have any accountability if they go south. And that accountability model makes a huge difference to change the whole culture.

Ben Hagen:
Absolutely, and I would say, you know, I would credit my time at Netflix for a lot of my current perspective on security, and I think Netflix published a really famous culture presentation deck a bunch of years back before I joined them. And I remember reading that back when I was at Motorola. And I'm like, this is the kind of world I want to work at. And I think the the way that that culture actually influences accountability is very interesting because the core tenet of the Netflix culture is freedom and responsibility. Or it was. I haven't been there for a couple of years, so things might have changed. But what that means is like technically they will let you do whatever you think is good. They're hiring you because they trust your judgment, but you as an individual are accountable for the decisions you make. And I think that that reinforces a lot of people's desire to focus on security, because if you make a if you have poor judgment on something and it opens us to a lot of risk or potentially a breach or something, they will hold you accountable for that. And you're the one who made that choice. And that's a pretty, I think, direct line to accountability. But at any organization, I think we need to find those strings that help hold teams, organizations and individuals accountable for the choices they make, with that becomes there's a responsibility to inform on what that is and what the tradeoffs are. So I'm also a huge believer in the kind of awareness and education. I think that is absolutely like a key piece of the puzzle in any organization, no matter the size, to help kind of make this reality of accountability real.

Michael Coates:
Good stuff. So looking back at the years you've had insecurity in the journey you've made, what would you recommend to someone who wants to enter the field? And I guess some of what about someone who's in the field that wants to strive into security leadership one day.

Ben Hagen:
Now, ultimately, I think and it's the same advice you can give anybody to go into any field, but it really does help to be passionate about the stuff you're working on. Security is an unforgiving industry. If you don't love what you're doing or you don't find some gratification in terms of the the constant change in state of the art, the need to be the need to solve novel problems no matter where you go and a willingness to try new things, it is not a place to go if you're only willing to implement pattern A, B and C, but definitely not D, E or that one that you haven't invented yet. And I think that that individual passion is kind of the key thing that unlocks most satisfaction with your industry, but also gives you the motivation to be ambitious and grow your career. For me personally, you know, making the leap from individual contributor to manager was not an easy decision. I really enjoyed and still enjoy kind of the technical challenge of making things better and solving interesting and new problems. I think going into management and leadership, you need to find that same kind of satisfaction from being able to have that impact with individuals within your team and organization, helping impart good judgment and wisdom to them and helping them understand that, you know, ultimately these are problems that there is no perfect solution for.

Ben Hagen:
And we just need to have good judgment in how to approach it. Also good technical skills to make that a reality. So I do think it's great to have a technical understanding of where things are and where things are going. Eventually, as you take a journey into kind of management and leadership, you need to step away from that from a hands on perspective, and ideally, you can iterate that. My favorite line to people on my team at Netflix was if you ever catch me like working on a technical problem that's in the critical path of what we're trying to do, please stop me from doing that and tell me to shut my computer and give it to them, because I'm happy to tinker and build things, but I just don't want to be blocking people because my time is better spent within the organization, building partnerships and relationships and with my team and giving them context on the problems we are solving and hopefully helping them advance their own career as well. But yeah, I think it starts with that passion in the industry, and ideally that's something you can carry forward as your role shifts from individual contributor to manager to leader to owning an organization or something like that.

Michael Coates:
That is a fantastic line now, if you ever catch me on the critical path of the technical project. I love it. That's really good. We are coming up at the end of the half hour here. I promised a chance for some questions from the audience. We got more than we can accommodate, which is awesome. Thank you. We're going to cherry pick a couple, maybe just one even. This one's a doozy. The best one, a doozy. I'm throwing out the Midwestern in me with a doozy. What techniques and investments did you make to address nation state actors and threats as opposed to the normal corporate control as you put in place?

Michael Coates:
No, I mean, I think this goes down to, one education and awareness, because still, I'm a pretty strong believer that the easiest path into an organization by a dedicated attacker is going to be, you know, the social aspect. Right. So you can't really solve social engineering without awareness and education as part of the solution there. But more than that, I think that guardrail approach, that paved road approach, ideally means that the most important things you can invest the most time in, and you can protect either the data that's most important or the services that are most important and have some faith that people are using, some faith that you can also check on. Right. But some faith that people are using the best practices that your team has built out. Excuse me, built out to help them solve security problems, to help them make good decisions, and ideally it just becomes harder and harder to make a bad decision, or the opportunity costs that a team is encouraged to make a bad decision becomes higher and higher because they would have to go off the road. They'd have to jump over a guardrail to make that work. And it's not necessarily a quick solution, but I do think it's it's one that really pans out as a company evolves and as kind of engineering challenges pile on top of each other. So having those guardrails that become they don't necessarily confine people to do what they need to do. But increasingly, like there is there's no reason for people to avoid them either, because the thing that they need to do is so easy to do from a secure perspective that they're happy to stay within those guardrails.

Ben Hagen:
And you can focus your time as a security team on the outliers, the people that truly can't exist within that world of the people that have a truly novel problem. And I think from a nation state actor perspective, that really speaks to the ability to focus on the truly challenging technical threats that we have. But I would I would again say that they all start with the fundamentals of like hygiene. And once you get those in a way that you can leverage methodically as you do other business, like ideally there's automation and APIs and data sets that are readily available to your security team to be able to understand, like where where are my risks? Where are my outdated systems? Where are who owns the system? Can I go talk to them? What does a system do that doesn't look normal? I should highlight that. The APT threats that people love to talk about only become economical when you have like high enough hours that people need to invest in something truly complex to get over them. And frankly, most organizations aren't there. And until we can actually solve some of these fundamental problems, I think that's your best investment, making it iteratively harder day by day. I do the quarter by quarter for these threats to actually be successful pays off, maybe not as satisfying me in the short term by sexy vendor products that might solve some small problem for you, but I think you are making a bigger impact in the long term.

Michael Coates:
Yeah, the attack could be as advanced as they want, but if there's an easy path to take, they'll just take that in there. So, totally agree, very good. Well, we'll go ahead. We can talk all day, but we'll wrap it up here then. Thanks so much for your time. Really appreciate it. Thank you so much for everyone that joined us live and for everyone in the inter webs that are watching this recorded. Again, I'm Michael Coates. This presentation was brought to you, sponsored by Altitude Networks. Think of us as a cloud focused DLP protecting data in platforms like G Suite, 365, Box, etc.. The latest thing I'm working on, it's been very exciting, so I feel free to reach out to us if that's a problem area for you. And as you're all part of the security community, thanks so much. It is a wild challenge and has been mentioned so correctly. You know, we're only going to get there if we work together. So really appreciate your time and everyone that joined us. Thanks so much.

Ben Hagen:
Yeah, thank you, Michael. Thank you, everyone.

Automatically convert your audio files to text with Sonix. Sonix is the best online, automated transcription service.

Sonix uses cutting-edge artificial intelligence to convert your mp3 files to text.

Create and share better audio content with Sonix. Sometimes you don't have super fancy audio recording equipment around; here's how you can record better audio on your phone. Sonix takes transcription to a whole new level. Here are five reasons you should transcribe your podcast with Sonix. Get the most out of your audio content with Sonix. Are you a podcaster looking for automated transcription? Sonix can help you better transcribe your podcast episodes. More computing power makes audio-to-text faster and more efficient. Sonix converts audio to text in minutes, not hours.

Sonix uses cutting-edge artificial intelligence to convert your mp3 files to text.

Sonix is the best online audio transcription software in 2020—it's fast, easy, and affordable.

If you are looking for a great way to convert your audio to text, try Sonix today.

bits-new_1

Subscribe for more

Get notitifed of future CISO webcasts and other exciting security content

Thank you for subscribing!