Embedded Systems, Book Writing, and Open-Source Development --
University Teaching ---------------------------------------------------------------------
Computer-Security Software Development -------------------------------------
Computer-Security Research --------------------------------------------------------
Operating-System Development ----------------------------------------------------
University Teaching ---------------------------------------------------------------------
Education -----------------------------------------------------------------------------------
Publications -------------------------------------------------------------------------------
Technical Skills ---------------------------------------------------------------------------
Jim Yuill
Greenville, SC
jimyuill@gmail.com
August 2024
Summary: Computer systems R&D, for over 30 years. Most recently, 2½ years in embedded-systems development. Previously, 17 years in computer security R&D (7 years with a military Top Secret clearance), 7 years in operating-systems development at IBM, and 6 years of university teaching. PhD in computer science from North Carolina State University (NCSU, 2006), with a thesis in computer security, which is highly cited
Note: For my classified military work, I am permitted to describe my
related job-skills, but not project details.
1/2021 – 10/2023: I took a sabbatical to learn embedded-systems programming. This included writing a book on real-time operating systems, and developing an open-source app.
2/2022 – 10/2023: Book writing, for the publisher Packt. Lead author for the second edition of a book on real-time operating systems (RTOSes), by invitation of the publisher
● We successfully completed the book, including engineering and editorial reviews. Publication was pushed-out to 10/2024, to accommodate additional content offered by the first-edition author.
● The title is, Hands-On RTOS with Microcontrollers: Building real-time embedded systems using FreeRTOS, STM32 MCUs, and SEGGER debug tools (second edition).
● The FreeRTOS operating-system is presented, along with 28 programs (in C). The programs run on an embedded-systems development-board (STM32).
● I made extensive improvements to the first-edition’s writing and code; also found and fixed many bugs from the first edition. I added new content on the hardware, super-loops, FreeRTOS installation, scheduler, etc.
● Extensively researched and used the book’s system-software and hardware: FreeRTOS, STM’s IDE, Segger debugging tools, HAL and CMSIS libraries, dev-board, MCU, and debug-probe.
● I recruited a senior embedded-systems engineer to advise and co-author. I did 90% of the development.
● First-edition: https://tinyurl.com/y54m7u7c
1/2021 – 2/2022: I wrote a 70-page study-guide for the first edition of the aforementioned FreeRTOS book.
● I read that book as part of self-study in embedded-systems programming. From in-depth study, I found many errors in the book’s text and code.
● The study-guide provides bug fixes and additional tutorial information.
● After seeing my study-guide, the book’s publisher asked me to write the second edition.
● The study-guide: http://tinyurl.com/3j63m54v
I created a novel open-source app named WordWebNav. It converts Word
documents to useful webpages.
● I wrote the app to put the study-guide on my website, as there were no comparable tools.
● I also wrote the app to show my programming skills, as I can’t disclose my classified projects.
● Word can save documents as HTML, but the webpage has formatting problems and HTML bugs. My app fixes that, and it adds webpage features.
● I used a rigorous development process, e.g., design, code, test, and documentation.
● Used Python (2,400 lines), CSS (400 lines), JavaScript (150 lines), and Word VBA (600 lines).
● The app was positively reviewed on Hack A Day: http://tinyurl.com/mrxj3mk4.
● The app’s webpage: http://tinyurl.com/8w62h5w3
12/2019 – 12/2020: Bob Jones University, Associate Professor, Computer Science Department; Greenville, SC
● Temporary job, and I was offered a 1-year extension, but declined
● Subjects taught: penetration-testing (Kali Linux, VMs, TCP/IP, nmap), intro to programming (Python, Visual Basic), Microsoft Office
● I redesigned the intro-to-programming course, and much of it was adopted by the university.
● At my manager’s request, I created a new course on penetration testing (ethical hacking). It’s typically a senior-level course, but this experimental course was for sophomores, so I had to create the course material.
2/2018 – 10/24/2019: Raytheon, in the division “Cyber Offense and Defense Experts”; Greenville, SC. Senior Cyber Engineer I, with Top Secret clearance. Systems-programming, for classified computer-security systems
● Programming to add features to three complex networking systems. I worked at the packet level, to make IP-stack protocols do things they weren’t designed to do. Used raw sockets.
● Designed a networking-based computer-security system (3 months), including analysis of attacks and defenses. I created an abstract model for this type of system. The model greatly aided system-understanding and design. Researched the related open-source intelligence. Coding was estimated to be 8+ person-months.
● Created test-networks, using VMs on a virtual-network, and Linux bridges.
● For testing, installed endpoint security (various products): AV, firewalls, and enterprise-security systems.
● Programmed multi-threading and inter-process communication, on Linux and Windows.
● Used C++, Python, Boost, WinDbg, Git.
1/2017 – 1/2018: Siege Technologies; Rome, NY. Software engineer, with Top Secret clearance, for computer-security systems and projects, both classified and unclassified
● Primary assignments were to investigate advanced technologies, and to create reports and software that enabled the team to use the technologies. The technologies included avionics-networking and GPS.
● I created a packet-level networking application (Python), working from the protocol specifications. It involved complex systems-programming, at the bit-level, to encode and decode packets.
● Two months of experience with penetration testing, and object-code reverse engineering using IDA Pro
● I did extensive research of the Linux distributions’ package-managers, to get thorough information about installed packages.
● Used Python, C, assembly languages (ARM and x86), Bash, IDA Pro, Pascal, RS-232.
My research is in computer-security systems, processes, and models. It includes invention, design, and development. Areas I’ve worked in include: deception for computer-security, intrusion detection, attribution of attacks, incident response, risk analysis, and standards for security development and assurance. My research publications are online here: http://tinyurl.com/38sn4ha3.
11/2011 – 12/2016: Lockheed Martin; Cherry Hill, NJ. Research scientist for DoD computer-security R&D, both classified and unclassified. Top Secret clearance. Member of the Advanced Technology Laboratories (ATL), an applied research division focused on creating novel prototype systems, at large scale. I often worked directly for a Senior Fellow (Lockheed’s highest engineering position).
Highlights of my work:
● Research and system-design:
o I was the lead subject-matter expert for most of ATL’s cyber-deception research. I also advised on deception use for other weapon systems.
o Work with DoD program-managers to develop new DARPA research programs. For one program, I was one of two Lockheed technical leads, and the customer identified us as his favored team among the contractors. Lockheed won a $4M contract which evolved from that program.
o Research on using deception to counter hackers from foreign intelligence-services. Developed novel requirements-analysis and system designs.
o Created a novel database for software exploits (hacker programs) and software vulnerabilities. The system was a useful analysis tool for research projects, and no comparable systems were publicly available. Used an SQL DB and Excel.
o Provide surveys and analysis of the existing R&D literature, to support various research projects.
● Software design and programming, for research prototype-systems:
o Programmer, creating features for large-scale prototype-systems, using Python, Bash, C, Excel VBA, and Make. Worked on Windows and Linux, using Mercurial, VMs and VM servers.
o Team member on a machine-learning project for malware attribution. I developed the cluster-analysis software and implemented data-visualization.
o Designed and coded a secure system for a software-package’s repository, build system, and distribution. The purpose was to counter exfiltration.
o For testing, used an automated system that: creates VMs and virtual networks, installs OSes and apps, and runs regression tests.
01/1998 – 06/2011: North Carolina State University. Lead researcher for university and Department of Defense (DoD) research projects.
Highlights of my work:
06/2000 – 12/2006: Novel research in creating deception-based systems for computer security:
● Invented and designed two deception-based intrusion-detection systems (IDSes): developed a working prototype (modified Linux’s NFS), developed network performance-models and a simulation, and designed and implemented a honeynet for system testing.
● Developed a guidebook for designing deception-operations for computer-security. It was well received in the DoD: used in designing a large DoD network-security system, used in a NATO computer-security course, and distributed within Air Force CERT by one of its commanders.
● I initiated these projects and was the lead researcher. Formed the research team with two well-known university and CIA (ret.) researchers. We obtained funding from OSD ($100K) and the JTF-GNO ($20K).
● Several papers are published and presented, and I’m the lead author. Presentations include IEEE, ACM, and DoD conferences, and to a senior official at the Office of the Secretary of Defense (OSD).
12/2006: Completed Ph.D. in computer science, at North Carolina State University (NCSU)
● My Ph.D. thesis is a subset of my research in deception for computer security.
11/2007 – 06/2011: Novel research in standardized processes for computer-security:
● Research on standardized processes for incident-response, in collaboration with an incident-response manager at Cisco. I presented the research at two major computer-security conferences (ACM and DoD).
● Research on standardized processes for secure systems-development and for IT security (e.g., SDL, NIST). I developed guidelines for choosing such processes, and presented a paper at a major DoD conference.
02/1999 – 12/2002: Novel research in applying the battlefield-intelligence process to incident-response:
● I researched the DoD’s battlefield-intelligence process and adapted it for use in tracking-down hackers on an intranet.
● Published a journal paper. Gave presentations at conferences for academia (RAID, at Purdue University), industry (FIRST, in France), and black-hat hackers (Rubicon). Gave DoD presentations to: OSD, a committee of generals (JTF-GNO), and the DoD Computer Forensics Lab (DCFL).
02/1998 – 10/1998: Novel research in network risk-assessment:
● Lead researcher on a project for the National Security Agency (NSA). Investigated the use of engineering reliability-theory for network risk-assessment. The research results were very well received by the sponsor.
12/1984 – 03/1993: IBM; Poughkeepsie, NY. Operating-system development. Designed and coded new features in IBM's MVS operating system (now called z/OS). The code is still in active use, 35 years later.
● MVS: IBM's principal mainframe operating-system. Developed programs which embody: parallelism, security, error recovery, reentrancy, performance constraints, and downward compatibility. Used a proprietary C-like language, and assembly language. Wrote documentation for IBM manuals.
● Reliability: My code had very low defect rates, per the system’s high reliability-requirements.
● Design and code: Evaluated and approved interdivision requests for Job Control Language (JCL) enhancements. Developed JCL-related enhancements. Each enhancement was up to 5,000 LOC (lines of code), and was incorporated within a system of millions of LOC.
● Programming methods: Through self-study initiative, championed a department project introducing JSP, a software-engineering design method. We hired a consulting firm to teach JSP to our team.
● Personal awards: Two $1,500 awards, two $100 awards
08/2008 – 07/2011: North Carolina State University. Teaching professor in the College of Management’s IT program, full-time
● Personally obtained a $35K grant from IBM to develop an online graduate course in Agile software engineering. I co-taught this course with one of IBM’s Agile leaders.
05/1995 – 05/2004: North Carolina State University. Part-time
instructor in Computer Science and the College of Management.
Summary of all university courses taught (32):
● Graduate courses (8): Agile software engineering (1), networking (7)
● Undergraduate courses (24): networking (2), assembly language (4), advanced data structures (1), databases (3), computer security (1), systems analysis and design (4), software project (1), intro. to programming (4), intro. to IT (4)
03/1998 – 10/2009: Agape Corner Boarding School; Durham, NC. Teacher and mentor at an inner-city children’s home. Volunteer (10 years) and paid (1 year). Started and ran the home’s vocational-education program. Recruited other volunteer teachers. We built and equipped several workshops.
Ph.D. Computer Science: NCSU, 2006. Thesis on computer security, entitled “Defensive Computer-Security Deception Operations: Processes, Principles and Techniques.” My primary research advisor was Dorothy Denning, Distinguished Professor at the Naval Postgraduate School.
Masters of Computer Science: NCSU, 1996. Graduate school GPA (Masters and PhD): 3.7
B.S. Computer Science: North Dakota State University, 1984. Undergrad GPA: overall 3.4, major 3.7
My primary research-publications are online: http://tinyurl.com/38sn4ha3.
All of my publications are listed here: http://tinyurl.com/j3kc4e6m.
Publication summary (20):
● Book (pending publication): 1
● Journal papers: 2
● Conference papers and tutorials: 7
● Conference and workshop presentations: 7
● PhD dissertation and research reports: 3
Embedded systems:
● Dev-board: ST’s Nucleo-F767ZI
● MCU: ST’s STM32F767ZI
● CPU: Arm, e.g., Cortex- M7
● OS: FreeRTOS
● IDE: STM32CubeIDE
● Debugging tools: Segger’s Ozone and SystemView
● Oscilloscope: PicoScope 2204A
Development systems and tools:
● Languages: C++, C, Python, Bash, assembly (ARM, x86), VBA (for Excel and Word), VB, Make, SQL
● OSes: Linux, Windows
● Source-code management: Mercurial, Git
● VMs: VMware, ESXi, VirtualBox
● IDEs: Visual Studio
● Testing tools: automated host and network deployment; automated testing for apps
● Reverse engineering: IDA Pro (and scripting)
IBM mainframe systems:
● MVS (z/OS), JCL, PL/X (similar to C), assembly, TSO, VM, CMS
Software engineering and quality
● Object-oriented programming
● Agile techniques (also, I taught a graduate course on Agile)
● Jackson Structured Programming
Security and system-administration (mostly in test beds):
● Linux
● Windows workstation
● Network administration, including switches and routers
● Security systems, including endpoint security systems, firewalls, antivirus systems, vulnerability scanners, intrusion detection and response, Tripwire, encryption, etc.
Research and writing:
● MS Word, customized with VBA scripts
● MS Office, including Excel, Access, Visio, and PowerPoint
● Markup languages: HTML, XML, LaTeX, GML