jim.yuill.web+2023 at gmail dot com
Summary of skills and experience: Computer-systems R&D, for over 30 years. Most recently, 2 years in embedded-systems development, as a change in career path. Previously, 15 years in computer-security R&D (7 years with a military Top Secret clearance), 7 years in operating-systems development at IBM, and 6 years of university teaching. PhD in computer science from North Carolina State University (NCSU, 2006), with a thesis in computer security, which is highly cited.
Note: for my classified military work, I am permitted to describe my related job-skills, but not project details.
2/2022 to present: Book-writing, for the publisher Packt. Lead author for the second-edition of a book on real-time operating systems (RTOSes), by invitation of the publisher.
● The book is written and pending publication. The title is, Hands-On RTOS with Microcontrollers: Building real-time embedded systems using FreeRTOS, STM32 MCUs, and SEGGER debug tools, second edition
● The FreeRTOS operating-system is presented, along with 28 programs (C language). The programs run on an embedded-systems development-board (STM32).
● I made extensive improvements to the first-edition’s writing and code, also found and fixed quite a few bugs from the first-edition. I added new chapters on the hardware, super-loops, FreeRTOS installation, etc.
● Extensively researched the book’s system-software and hardware: FreeRTOS, IDE (STM32CubeIDE), debugging tools (Segger’s Ozone and SystemView), HAL and CMSIS libraries, dev-board (Nucleo-F767ZI), MCU (STM32F767ZI), and debug-probe (J-Link).
● I recruited a senior embedded-systems engineer to advise and co-author. I did 90% of the writing, programming, and research for the second edition.
1/2021 to 2/2022: Open-source development. I wrote a 70-page study-guide for the first-edition of the aforementioned FreeRTOS book.
● I read that book as part of self-study in embedded-systems programming. From in-depth study, I found quite a few errors in the book’s text and code.
● The study-guide contains: bug fixes, additional tutorial information, and also, fixes for bugs I found in FreeRTOS itself and a SEGGER debugging tool.
● After seeing my study-guide, the book’s publisher asked me to write the second edition.
● The study-guide: https://jimyuill.com/embedded-systems/study-guide-freertos-book/
I wrote an open-source program named WordWebNav, that converts Word documents to useful web-pages.
● I wrote the program so I could put that study-guide on my web-site, as there were no comparable tools.
● I also wrote it to demonstrate my programming skills, as I can’t disclose my military classified projects.
● Word can save documents as HTML, but the web-page has formatting problems and HTML bugs. My program fixes that, and it adds missing web-page features.
● I used a rigorous development process, over all life-cycle stages, e.g., coding, test, documentation, etc.
● The program was positively reviewed on the “Hack A Day” web-site.
● The program’s web-page: https://jimyuill.com/software/www/WordWebNav/
12/2019 to 12/2020: Bob Jones University, Associate Professor, Computer Science Department; Greenville, SC.
● Full-time teaching position. Temporary job, and I was offered a 1-year extension, but declined.
● I redesigned the intro-to-programming course, to provide better programming skills, and much of my changes were adopted by the university.
● I created a new computer-security course on penetration-testing (ethical hacking), at my manager’s request. Such a course is typically for upper-classmen, but this experimental course was for underclassmen, to attract new students. I provided solid engineering instruction, but the course did not work-out like we hoped.
2/2018 to 10/24/2019: Raytheon, in the division “Cyber Offense and Defense Experts”; Greenville, SC. Senior Cyber Engineer I, with Top Secret clearance. Systems-programming, for classified computer-security systems.
● Developed complex networking applications, which involved working at the packet level, and making IP-stack protocols do things they weren’t designed to do.
● I also have experience with designing new computer-security systems, including analysis of attacks and defenses. I created an abstract-model for a common type of computer-security system. The model greatly aided system-understanding and design. It was of publication quality, in being novel and significant.
● My development work included program design and coding, and I had very low bug rates.
● Experience with multi-threading and inter-process communication, on Linux and Windows. C++, Python, VMware, Git.
1/2017 to 1/2018: Siege Technologies; Rome, NY. Software engineer, with Top Secret clearance, for computer-security systems and projects, both classified and unclassified.
● Primary assignments were to investigate advanced technologies, and to create reports and software that enabled the team to use the technologies. The technologies included avionics networking-systems and GPS communication-systems.
● I created a packet-level networking application, using the communication-protocol’s specifications. It involved complex systems-programming, at the bit-level.
● An unclassified project involved researching the Linux distributions’ various package-managers, to get thorough information about installed packages.
● Python, assembly languages (ARM and x86), Bash, Pascal.
My research experience includes: the invention, design, and development of computer-security systems, processes, and models. Areas I’ve worked in include: deception for computer-security, intrusion detection, attribution of attacks, incident response, and risk analysis. A section below has links to my research publications, and some are highly-cited.
11/2011 – 12/2016: Lockheed Martin; Cherry Hill, NJ. Research scientist for DoD computer-security R&D programs, both classified and unclassified. Top Secret clearance. Member of the Advanced Technology Laboratories (ATL), an applied research division focused on creating novel prototype systems, at large scale. I often worked directly for a Senior Fellow (Lockheed’s highest engineering position). Highlights of my work:
● Research and system-design:
o I was the lead subject-matter-expert for most of ATL’s cyber-deception research. I also advised on deception use for other weapon systems, which included shaping overall-approaches and techniques.
o Work with DoD program managers to develop new DARPA research programs. For one program, I was one of two Lockheed technical leads, and the customer identified us as his favored team among the contractors. Lockheed won a $4M contract which evolved from that program.
o Research on using deception to counter hackers from foreign intelligence-services. Developed novel requirements-analysis and system-designs. It was for an anticipated DARPA research program.
o Created a novel data-base for software-exploits (hacker programs) and software-vulnerabilities. Collected data from extensive Internet sources. The system was a useful analysis tool for research projects, and no comparable systems were publicly available. Used a SQL DB and Excel.
o Provide surveys and analysis of the existing R&D literature, to support various research projects. Topics include computer-security, software exploits, networking, machine learning, etc.
● Software design and programming, for research prototype-systems:
o Programmer, on teams that develop large-scale research prototype-systems, using Python, Bash, C, Excel VBA, and Make. Work on Windows and Linux, using Mercurial, VMs and VM servers.
o Team member on a research project on machine-learning for malware attribution. I developed the cluster-analysis software and implemented data-visualization.
01/1998 – 06/2011: North Carolina State University. Lead researcher for university and Department of Defense (DoD) research projects, as summarized below. A list of my research publications is attached.
06/2000 – 12/2006: Novel research in creating deception-based systems for computer security:
● Invented and designed two deception-based intrusion-detection systems: developed a prototype system (we modified Linux’s NFS); developed network performance models and a simulation; also, designed and implemented a honeynet for system testing.
● Developed a guide-book for designing deception-operations for computer-security. It was well received in the DoD: used in designing a large DoD network-security system, used in a NATO computer-security course, and distributed within Air Force CERT by one of its commanders.
● I initiated these projects and was the lead researcher; formed the research team with three well-known university and CIA (ret.) researchers; we obtained funding from OSD ($100K) and the JTF-GNO ($20K).
● Several papers are published and presented, and I’m the lead author. Presentations include IEEE, ACM, and DoD conferences, and to senior officials at the Office of the Secretary of Defense (OSD)
12/2006: Completed Ph.D. in computer science, at North Carolina State University (NCSU)
● My Ph.D. thesis is a subset of my research in deception for computer security.
11/2007 – 06/2011: Novel research in standardized-processes for computer-security
● Research on standardized-processes for incident-response, in collaboration with an incident-response manager at Cisco. I presented the research at two major computer-security conferences (ACM and DoD).
● Research in support of the university’s large cloud-computing system. I surveyed the existing standardized-processes for secure systems-development and for IT security. I developed guidelines for choosing such processes, wrote a paper and presented it at a major DoD computer-security conference.
02/1999 – 12/2002: Novel research in applying the battlefield-intelligence process to incident-response
● I researched the DoD’s battlefield-intelligence process and adapted it for use in tracking-down hackers on an intranet.
● Made novel discoveries in data-management for incident-response and developed a prototype system.
● I conceived of and lead this research project, and formed collaborations with experts from the FBI (ret.), US Marine Corps, and industry. Funding was from the DoD (DARPA).
● The research received very favorable reviews from the DoD, academia, and law enforcement.
● Published a journal paper; gave presentations at conferences for academia (RAID, at Purdue University), industry (FIRST, in France), and black-hat hackers (Rubicon, in Detroit); DoD presentations to: OSD, a committee of generals (JTF-GNO), and the DoD Computer Forensics Lab (DCFL).
02/1998 – 10/1998: Novel research in network risk-assessment:
● Lead researcher on a project for the National Security Agency (NSA). Investigated the use of engineering reliability-theory for network risk-assessment. The research results were very well received by the sponsor.
12/1984 - 04/1993: IBM; Poughkeepsie, NY; operating-system development; designed and coded new features in IBM's MVS operating system (now called z/OS):
● MVS: IBM's principal mainframe operating system. Developed programs which embody: parallelism, security, error recovery, reentrancy, performance constraints, downward compatibility, high-level and assembly-level languages, documentation in IBM manuals.
● Reliability: My code consistently had very low defect rates, in accordance with the operating-system’s high reliability-requirements.
● Design and code: Evaluated and approved interdivision requests for Job Control Language (JCL) enhancements. Developed JCL-related enhancements. Each enhancement was up to 5,000 LOC (lines of code), and was incorporated within a system consisting of millions of LOC.
● Programming methods: Through self-study initiative, championed a department project introducing JSP, a software engineering design method. We hired a consulting firm to teach JSP to our team.
● Personal awards: Two $1,500 awards, two $100 awards.
08/2008 – 07/2011: North Carolina State University; teaching professor in the College of Management’s IT program, full-time
● Personally received a $35K grant from IBM to develop an on-line graduate course in Agile software engineering. I co-taught this course with one of IBM’s Agile leaders.
05/1995 – 05/2004: North Carolina State University;
part-time instructor in Computer Science and the College of Management.
Summary of courses taught (32):
● Graduate courses (8): Agile software engineering (1), networking (7)
● Undergraduate courses (24) : networking (2), assembly language (4), advanced data structures (1), databases (3), computer security (1), systems analysis and design (4), software project (1), intro. to programming (4), intro. to IT (4)
03/1998 – 10/2009: Agape Corner Boarding School; Durham, NC; teacher and mentor at an inner-city children’s home; volunteer (10 years) and paid (1 year); started and ran the home’s vocational-education program; recruited other volunteer teachers; we built and equipped several workshops
Ph.D. Computer Science: NCSU; 12/2006; thesis on computer security, entitled “Defensive Computer-Security Deception Operations: Processes, Principles and Techniques”; Dorothy Denning (Distinguished Professor at the Naval Postgraduate School) was a committee member and an advisor for much of my thesis
Masters of Computer Science: NCSU; 05/1996; graduate-school GPA (Masters and PhD): 3.7
B.S. Computer Science: North Dakota State University; 12/1984; GPA: overall 3.4, major 3.7
My primary research-publications are on-line here: https://jimyuill.com/cs-research/comp-sec-papers/
All of my publications are listed here: https://jimyuill.com/cs-research/comp-sec-papers/all-publications.html
● Book: 1
● Journal papers: 2
● Conference papers and tutorials: 7
● Conference and workshop presentations: 7
● PhD dissertation and research reports: 3
● Dev-board: ST’s Nucleo-F767ZI
● MCU: ST’s STM32F767ZI
● OS: FreeRTOS
● IDE: STM32CubeIDE
● Debugging tools: Segger’s Ozone and SystemView
● Oscilloscope: PicoScope 2204A
Development systems and tools:
● Languages: C++, C, Python, Bash, assembly (ARM, x86), VBA (for Excel and Word), Make, SQL
● OSes: Linux, Windows
● Source-code management: Mercurial, Git
● VMs: VMware, ESXi, VirtualBox
● IDEs: Visual Studio
● Automated regression-testing tools
● Reverse engineering: IDA Pro, including scripting
IBM mainframe systems:
● MVS (z/OS), JCL, PL/AS (similar to C), assembly, TSO, VM, CMS
Software engineering and quality
● Object-oriented programming
● Agile techniques, especially iterative development (also, I taught a graduate course on Agile)
● Jackson Structured Programming
Security and system-administration (mostly in test-beds):
● Windows workstation
● Network administration, including switches and routers
● Security systems, including endpoint security systems, firewalls, antivirus systems, vulnerability scanners, intrusion detection and response, Tripwire, encryption, etc.
Research and writing:
● MS Word, customized with VBA scripts, for use in research
● MS Office, including Visio
● Advanced search-engine skills: Google, IEEE, and ACM