As Autodesk automates our customers' design and make processes, we handle more and more of our customers' data. We want to use customer data — both the design data customers create and data about how customers work — to create knowledge and insights. One way to do that is to use machine learning and other technologies to look across large data sets, discern best practices, and help our customers adopt those best practices.
To do this, Autodesk will have to analyze a large sample of customer data, so we can learn and infer best practices from them. As our CEO, Andrew Anagnost, has pointed out: This is not much different from how Google makes better search decisions or Amazon makes purchase recommendations based on user behavior; however, unlike Google or Amazon,...
...we want to do this on the customers' behalf. We don't want to sell their data to a third party, bombard them with advertising, or sell them something. We want to help them improve their performance. We want to make them better. Also, unlike Google, Amazon, or Facebook, we don't want to use our customers' data without their permission or for a purpose which they did not understand or agree to. We want our customers to understand the value we can give them by analyzing their data along with that of thousands of other users. By permitting us to use their data, we want them to get true value in return.
Given our focus on customer data, we take data security very seriously. On Thursday and Friday of last week, although my programming skills are antiquated, I participated in a security-related exercise. The exercise was a capture the flag game where teams of employees competed to solve a variety of cybersecurity challenges with some crafted-for-the-event problems.
Here were the rules:
- The team with the most points at the end of the competition wins.
- The game opens October 10 at 10:00 SGT and closes 24 hours later.
- There will be ten challenges inspired by today's top security risks (OWASP Top 10).
- Each challenge has three optional hints. Using hints will cost a team points.
- Teams can start and end with any of the challenges.
- Every time a challenge is completed, the point value for every team who completed it decreases (i.e., the more teams who complete a challenge, the less it's worth).
The challenge was hosted on the MetaCTF platform. MetaCTF's goal is to make cybersecurity education accessible and fun. They create hands-on, interactive, and learning-based competitions and trainings that make it easy to learn new cybersecurity skills by breaking down complex cybersecurity concepts into engaging challenges that simulate real world scenarios.
The ten challenges for our exercise fell under four categories:
- Web Exploitation
- Binary Exploitation
- Reverse Engineering
Autodesk had 19 teams that volunteered to burn the midnight oil Thursday night and during the day on Friday (when work schedules permitted).
I was on a team with:
- Larry Knott, Senior Principal Engineer on the Autodesk Forge platform
- Harpreet Singh Khaira, Senior Software Engineer on the Autodesk Forge platform
- Srinivasan Jayaraman, Principal Engineer on our Digital Platform Experience team
Our team name was "The Force." We were geographically dispersed around the Bay Area and Cypress, Texas. We used Zoom meeting technology to problem solve virtually face-to-face. We didn't win, but we had great chemistry. Even though I lacked the necessary technical skills, the Capture The Flag security exercise was a great opportunity for me to learn about potential vulnerabilities in any cloud or desktop offering. I now have a better appreciation for what our developers do every day to make our solutions secure.
Autodesk has always been an automation company. Today, more than ever, that means helping our customers automate their design and make processes. We help them embrace the future of making, where they can do more (e.g., efficiency, performance, quality), with less (e.g., energy, raw materials, timeframes, waste of human potential), and realize the opportunity for better (e.g., innovation, user experience, return on investment). Keeping our customers' data secure allows them to trust us so we can use their data to help them achieve better outcomes.
Data security is alive in the lab.