
 

Jim Yuill

Greenville, SC

jimyuill@gmail.com

April 2024

 

Summary of skills and experience:  Computer-systems R&D, for over 30 years. Most recently, 2-1/2 years in embedded-systems development. Previously, 17 years in computer-security R&D (7 years with a military Top Secret clearance), 7 years in operating-systems development at IBM, and 6 years of university teaching. PhD in computer science from North Carolina State University (NCSU, 2006), with a thesis in computer security, which is highly cited.


Note: for my classified military work, I am permitted to describe my related job-skills, but not project details.

Book-Writing and Open-Source Development  ----------------------------    

2/2022 to 10/2023: Book-writing, for the publisher Packt. Lead author for the second-edition of a book on real-time operating systems (RTOSes), by invitation of the publisher.

      The book is written (including engineering and editorial reviews), and it is pending publication.

      The title is, Hands-On RTOS with Microcontrollers: Building real-time embedded systems using FreeRTOS, STM32 MCUs, and SEGGER debug tools, second edition

      The FreeRTOS operating-system is presented, along with 28 programs (C language). The programs run on an embedded-systems development-board (STM32).

      I made extensive improvements to the first-edition’s writing and code, and also found and fixed many bugs from the first-edition. I added new content, including new chapters on the hardware, super-loops, FreeRTOS installation, etc.

      Extensively researched and used the book’s system-software and hardware: FreeRTOS, IDE (STM32CubeIDE), debugging tools (Segger’s Ozone and SystemView), HAL and CMSIS libraries, dev-board (Nucleo-F767ZI), MCU (STM32F767ZI), and debug-probe (J-Link).

      I recruited a senior embedded-systems engineer to advise and co-author. I did 90% of the writing, programming, and research for the second edition.

      First-edition: https://www.amazon.com/Hands-RTOS-Microcontrollers-Building-real-time/dp/1838826734/

1/2021 to 2/2022: Open-source development. I wrote a 70-page study-guide for the first-edition of the aforementioned FreeRTOS book.

      I read that book as part of self-study in embedded-systems programming. From in-depth study, I found many errors in the book’s text and code.

      The study-guide contains: bug fixes, additional tutorial information, and also, fixes for bugs I found in FreeRTOS itself and a SEGGER debugging tool.

      After seeing my study-guide, the book’s publisher asked me to write the second edition.

      The study-guide: http://tinyurl.com/3j63m54v


I created a novel open-source app named WordWebNav, that converts Word documents to useful web-pages.

      I wrote the app so I could put that study-guide on my web-site, as there were no comparable tools.

      I also wrote it to demonstrate my programming skills, as I can’t disclose my military classified projects.

      Word can save documents as HTML, but the web-page has formatting problems and HTML bugs. My app fixes that, and it adds missing web-page features.

      I used a rigorous development process, over all life-cycle stages, e.g., coding, test, documentation, etc.

      Used Python (2,400 lines), CSS (400 lines), JavaScript (150 lines), and Word VBA (600 lines).

      The app was positively reviewed on the “Hack A Day” web-site: http://tinyurl.com/mrxj3mk4

      The app’s web-page: http://tinyurl.com/8w62h5w3

University Teaching  ----------------------------------------------------------------    

12/2019 to 12/2020: Bob Jones University, Associate Professor, Computer Science Department; Greenville, SC.

      Full-time teaching position. Temporary job, and I was offered a 1-year extension, but declined.

      Subjects: penetration-testing (Linux, VMs, TCP/IP, nmap, Kali Linux), intro to programming (Python, Visual Basic), Microsoft Office.

      I redesigned the intro-to-programming course, and many of my changes were adopted by the university.

      At my manager’s request, I created a new computer-security course on penetration-testing (ethical hacking).  Such a course is typically for upper-classmen, but this experimental course was for underclassmen.

Computer-Security Software Development  --------------------------------    

2/2018 to 10/24/2019:  Raytheon, in the division “Cyber Offense and Defense Experts”; Greenville, SC. Senior Cyber Engineer I, with Top Secret clearance. Systems-programming, for classified computer-security systems.

      Programming to add features to three complex networking applications. I worked at the packet level, to make IP-stack protocols do things they weren’t designed to do. Used raw sockets.

      Designed a networking-based computer-security system (3 months), including analysis of attacks and defenses. I created an abstract-model for this general type of computer-security system. The model greatly aided system-understanding and design. Researched and prototyped complex networking solutions, to use protocols in unintended ways, in an adversarial environment. Researched the open-source intelligence for this type of system. The system’s implementation was estimated at 8+ person-months.

      Create test-networks:  VMs on a virtual-network, Linux bridges.

      For testing, install endpoint security (various products): anti-virus, firewalls, enterprise security managers.

      Multi-threading and inter-process communication, on Linux and Windows.

      C++, Python, Boost, WinDbg, Git.

 

1/2017 to 1/2018:  Siege Technologies; Rome, NY. Software engineer, with Top Secret clearance, for computer-security systems and projects, both classified and unclassified.

      Primary assignments were to investigate advanced technologies, and to create reports and software that enabled the team to use the technologies. The technologies included avionics networking-systems and a GPS communication-system.

      I created a packet-level networking application (Python), using the communication-protocol’s specifications. It involved complex systems-programming, at the bit-level, to encode and decode packets.

      Two months of experience with computer-security penetration-testing, and object-code reverse-engineering using IDA Pro.

      I did extensive research of the primary Linux distributions’ package-managers, to figure-out how to get highly reliable and thorough information about installed packages.

      Python, C, assembly languages (ARM and x86), Bash, IDA Pro (scripting), Pascal, RS-232.

Computer-Security Research  ---------------------------------------------------    

My research includes: the invention, design, and development of computer-security systems, processes, and models. Areas I’ve worked in include: deception for computer-security, intrusion detection, attribution of attacks, incident response, risk analysis, and standards for security development and assurance. A section below has links to my research publications, and some are highly-cited.

 

11/2011 – 12/2016:  Lockheed Martin; Cherry Hill, NJ. Research scientist for DoD computer-security R&D programs, both classified and unclassified. Top Secret clearance. Member of the Advanced Technology Laboratories (ATL), an applied research division focused on creating novel prototype systems, at large scale. I often worked directly for a Senior Fellow (Lockheed’s highest engineering position). Highlights of my work:

      Research and system-design:

o      I was the lead subject-matter-expert for most of ATL’s cyber-deception research. I also advised on deception use for other weapon systems, which included shaping overall-approaches and techniques.

o      Work with DoD program managers to develop new DARPA research programs. For one program, I was one of two Lockheed technical leads, and the customer identified us as his favored team among the contractors. Lockheed won a $4M contract which evolved from that program.

o      Research on using deception to counter hackers from foreign intelligence-services. Developed novel requirements-analysis and system-designs. It was for an anticipated DARPA research program.

o      Created a novel data-base for software-exploits (hacker programs) and software-vulnerabilities. Collected data from extensive Internet sources. The system was a useful analysis tool for research projects, and no comparable systems were publicly available. Used a SQL DB and Excel.

o      Provide surveys and analysis of the existing R&D literature, to support various research projects. Topics include computer-security, software exploits, networking, machine learning, etc.

      Software design and programming, for research prototype-systems:

o      Programmer, creating features for large-scale research prototype-systems, using Python, Bash, C, Excel VBA, and Make. Worked on Windows and Linux, using Mercurial, VMs and VM servers.

o      Designed and coded a secure system for a software-package’s repository, build system, and distribution. The system includes a revision-control process, customized code-distributions, and extensive security controls.

o      Used and configured an automated test-system that creates VMs and virtual networks, installs OSes, and apps, and runs regression tests.

o      Team member on a research project on machine-learning for malware attribution. I developed the cluster-analysis software and implemented data-visualization.

 

01/1998 – 06/2011:  North Carolina State University. Lead researcher for university and Department of Defense (DoD) research projects, as summarized below. Links to my research publications are below.

 

06/2000 – 12/2006:  Novel research in creating deception-based systems for computer security: 

      Invented and designed two deception-based intrusion-detection systems:  developed a prototype system (we modified Linux’s NFS);  developed network performance models and a simulation;  also, designed and implemented a honeynet for system testing.

      Developed a guide-book for designing deception-operations for computer-security. It was well received in the DoD:  used in designing a large DoD network-security system, used in a NATO computer-security course, and distributed within Air Force CERT by one of its commanders.

      I initiated these projects and was the lead researcher; formed the research team with three well-known university and CIA (ret.) researchers; we obtained funding from OSD ($100K) and the JTF-GNO ($20K).

      Several papers are published and presented, and I’m the lead author. Presentations include IEEE, ACM, and DoD conferences, and to senior officials at the Office of the Secretary of Defense (OSD).

 

12/2006:  Completed Ph.D. in computer science, at North Carolina State University (NCSU)

      My Ph.D. thesis is a subset of my research in deception for computer security.

 

11/2007 – 06/2011:  Novel research in standardized-processes for computer-security

      Research on standardized-processes for incident-response, in collaboration with an incident-response manager at Cisco. I presented the research at two major computer-security conferences (ACM and DoD).

      Research on standardized-processes for secure systems-development and for IT security (e.g., SDL, NIST). I developed guidelines for choosing such processes, and presented a paper at a major DoD conference.

 

02/1999 – 12/2002:  Novel research in applying the battlefield-intelligence process to incident-response

      I researched the DoD’s battlefield-intelligence process and adapted it for use in tracking-down hackers on an intranet.

      Published a journal paper;  gave presentations at conferences for academia (RAID, at Purdue University), industry (FIRST, in France), and black-hat hackers (Rubicon, in Detroit);  DoD presentations to:  OSD,  a committee of generals (JTF-GNO), and the DoD Computer Forensics Lab (DCFL).

 

02/1998 – 10/1998:  Novel research in network risk-assessment:

      Lead researcher on a project for the National Security Agency (NSA). Investigated the use of engineering reliability-theory for network risk-assessment. The research results were very well received by the sponsor.

Operating-System Development  -----------------------------------------------    

12/1984 - 04/1993:   IBM; Poughkeepsie, NY; operating-system development; designed and coded new features in IBM's MVS operating system (now called z/OS)

      MVS: IBM's principal mainframe operating system. Developed programs which embody: parallelism, security, error recovery, reentrancy, performance constraints, downward compatibility, high-level and assembly-level languages, documentation in IBM manuals. Used a proprietary C-like language.

      Reliability: My code consistently had very low defect rates, in accordance with the operating-system’s high reliability-requirements.

      Design and code: Evaluated and approved interdivision requests for Job Control Language (JCL) enhancements. Developed JCL-related enhancements. Each enhancement was up to 5,000 LOC (lines of code), and was incorporated within a system consisting of millions of LOC.

      Programming methods: Through self-study initiative, championed a department project introducing JSP, a software-engineering design method. We hired a consulting firm to teach JSP to our team.

      Personal awards: Two $1,500 awards, two $100 awards.

University Teaching  ----------------------------------------------------------------    

08/2008 – 07/2011:  North Carolina State University; teaching professor in the College of Management’s IT program, full-time

      Personally received a $35K grant from IBM to develop an on-line graduate course in Agile software engineering. I co-taught this course with one of IBM’s Agile leaders.

 

05/1995 – 05/2004:  North Carolina State University; part-time instructor in Computer Science and the College of Management.

Summary of all university courses taught (32):

      Graduate courses (8): Agile software engineering (1), networking (7)

      Undergraduate courses (24) : networking (2),  assembly language (4),  advanced data structures (1),  databases (3),  computer security (1),  systems analysis and design (4),  software project (1),  intro. to programming (4),  intro. to IT (4)

 

03/1998 – 10/2009:  Agape Corner Boarding School; Durham, NC; teacher and mentor at an inner-city children’s home;  volunteer (10 years) and paid (1 year); started and ran the home’s vocational-education program; recruited other volunteer teachers; we built and equipped several workshops

Education  ------------------------------------------------------------------------------    

Ph.D. Computer Science:  NCSU;  12/2006;  thesis on computer security, entitled “Defensive Computer-Security Deception Operations:  Processes, Principles and Techniques”;  Dorothy Denning (Distinguished Professor at the Naval Postgraduate School) was a committee member and an advisor for much of my thesis 

 

Masters of Computer Science:  NCSU; 05/1996;  graduate-school GPA (Masters and PhD): 3.7

 

B.S. Computer Science:  North Dakota State University;  12/1984;  GPA: overall 3.4, major 3.7


Publications  --------------------------------------------------------------------------    

My primary research-publications are on-line here: http://tinyurl.com/38sn4ha3

 

All of my publications are listed here: http://tinyurl.com/j3kc4e6m

Publication summary (20):

      Book (pending publication): 1

      Journal papers: 2

      Conference papers and tutorials: 7

      Conference and workshop presentations: 7

      PhD dissertation and research reports: 3

Technical skills  ----------------------------------------------------------------------    

Embedded-systems:

      Dev-board: ST’s Nucleo-F767ZI

      MCU: ST’s STM32F767ZI

      OS: FreeRTOS

      IDE: STM32CubeIDE

      Debugging tools: Segger’s Ozone and SystemView

      Oscilloscope: PicoScope 2204A

 

Development systems and tools:

      Languages:  C++, C, Python, Bash, assembly (ARM, x86), VBA (for Excel and Word), Make, SQL

      OSes:  Linux, Windows

      Source-code management:  Mercurial, Git

      VMs:  VMware, ESXi, VirtualBox

      IDEs:  Visual Studio

      Automated regression-testing tools

      Reverse engineering:  IDA Pro, including scripting

 

IBM mainframe systems:

      MVS (z/OS), JCL, PL/AS (similar to C), assembly, TSO, VM, CMS

 

Software engineering and quality

      Object-oriented programming

      Agile techniques, especially iterative development  (also, I taught a graduate course on Agile)

      Jackson Structured Programming

 

Security and system-administration (mostly in test-beds):

      Linux

      Windows workstation

      Network administration, including switches and routers

      Security systems, including endpoint security systems, firewalls, antivirus systems, vulnerability scanners, intrusion detection and response, Tripwire, encryption, etc.

 

Research and writing:

      MS Word, customized with VBA scripts, for use in research

      MS Office, including Visio

      Markup languages: HTML, XML, LaTeX, GML