George Yunaev
SENIOR SOFTWARE ENGINEER, SECURITY ENGINEER
resume@ulduzsoft.com
Phone: +1 (408) 676-6612
San Jose, CA (sorry, not considering relocation)
SUMMARY
- Yes, I’m a U.S. citizen (because that’s the first thing everyone asks)
- Over 20 years of commercial software development experience, mostly in C/C++ on Linux, mostly in cross-platform environments. I write efficient, portable and secure code which works on Windows and Linux, ARM and MIPS, 32- and 64-bit.
- Easily picking up new languages. I also do quite comprehensive node.js, python and golang.
- Familiar with low-level embedded development, wrote software for Atmel microcontrollers and ESP8266 based boards, including communication with various I2C/SPI/prop sensors.
- More than 10 years of commercially licensing the software security SDKs to hundreds of partners, often built from scratch.
- More than 15 years of being a customer-facing engineer, with excellent understanding of the technology licensing business.
- More than 10 years of SDK API designs, development and documentation in multiple languages including C, C++, and Java.
- More than 10 years of reviewing code (both internal and partner) and communication protocols for security, patent and licensing issues; found and fixed those issues.
- In the security (anti-malware) business since 2001, worked for several companies and accumulated significant knowledge. Attended security conferences for many years, including RSA, MWC, Infosec, BH/DefCon and others.
- Over two years of Android development experience, released commercial applications on several markets.
- Multiple years of experience working with Qt library versions 3-5, writing portable UI applications on Windows, Linux and Mac.
- Developed a number of portable, highly available networking Linux and Windows server applications.
- Ported existing software between different operating systems and architectures including Windows/Linux/Mac ARM/aarch64, MIPS 32/64/oabi, PPC64, etc.
- Wrote a number of articles on the security topics, educating the community about the security issues and possible solutions. Co-organized several webinars.
- Reviewed existing software and communication protocols for security, patent and licensing issues; frequently found and fixed those issues.
- Reverse engineering experience including analysis of Windows and Linux executables, kernel drivers, and non-x86 executables.
- Team leader experience, worked under no direct supervision during the last 10 years.
- Fluent in English, Ukrainian and Russian languages.
SKILLS
- C, C++, Perl. Proficient with the Qt framework. Those are tools of the trade. Most of the time I write performance-critical networking applications which work on Linux, OS X and Windows.
- Ability to communicate well with non-technical people, and understanding of business needs. I work directly with the business people, helping them to understand technical restrictions and still find the ways to achieve what’s needed for the company to succeed.
- Ability to present information in a structured, organized way. Wrote several articles about security for both technical and non-technical audience, co-organized several webinars.
- API design and documentation experience. An example of an API and documentation can be found here: http://sourceforge.net/projects/libircclient/files/libircclient/1.7/libircclient-1.7.pdf
- Expert knowledge in porting existing software to different architectures, operating systems and hardware platforms, including the emerging ones.
- Decent Android development experience, including Java and C w/JNI, and Android NDK. Designed, developed and released several Android applications; some are available at the Google Play and Amazon AppStore.
- Good experience with node.js framework, especially creating backend services, communicators, distributed systems and Web scrapers. Proficient with puppeteer.
- Have experience with security frameworks such as fanotify on Linux and EndpointSecurity on Mac OS X.
- Decent experience in reverse engineering and binary analysis, including non-x86 architectures. This includes malware analysis, and developing decompilers for the bytecode languages to simplify the automatic malware analysis.
- Expert knowledge in TCP/IP networking applications, building highly available servers, and boosting the application network performance. Familiar with most well-known Internet protocols. Developed several cross-platform networking applications on Linux and Windows using epoll and IO Completion Ports.
- Linux user since 2002. Have used, and developed software for FreeBSD, OpenBSD, NetBSD, Mac OS X, Microsoft Windows, Solaris, HPUX and other operating systems.
- Familiar with development boards, u-Boot, TFTP, NFS, serial consoles and other aspects of embedded development. Used the OpenWRT/LEDE environment and its build platform in multiple projects.
- Extensive use of cross-compilers (gcc, mxe, buildroot), virtual machines (VMware and kvm) and build scripts/build systems to simplify simultaneous support for multiple operating systems running on different hardware architectures.
FULL TIME EMPLOYMENT HISTORY
(see also part-time projects)
July 2008 – present
Senior SDK architect and developer at Bitdefender, Santa Clara, CA
I joined Bitdefender in 2008 to start the technology licensing business. During that time I helped to create, document and release a large number of SDKs offering various Bitdefender technologies, and eventually became an SDK Tsar at Bitdefender. I designed and documented the APIs for all the SDKs, and implemented a number of them. I communicate with the prospects and partners to guide them through technical evaluation and integration, and to learn their needs better. During my time Bitdefender technologies were evaluated by over 1000 prospects and we have over 120 partners using our technologies. I analyze products on the market and help our sales team to develop the best strategies to sell against competitors. I also helped internal teams with various tasks, from research projects to code security reviews.
- Designed, developed and maintained the efficient, user-friendly, stable and powerful public API for the majority of Bitdefender SDKs. The major focus was on exposing as many underlying features as possible in an easy-to-understand way while making the integration easier, and supporting full backward compatibility.
- Wrote and maintained the developer-oriented documentation for all the SDKs. The documentation was written for OEM partners, and included generic SDK information, HOWTO section (“If you want that, here’s how to do it”), and the API reference. Carefully explained all known problems the partners might get into during the SDK integration, based on my past experience. The total size of all the documentation written was over 400 pages.
- Performed security architecture reviews of several Bitdefender technologies. Identified the security issues, suggested modifications which preserved backward compatibility while ensuring better security for our customers and partners.
- Participated in architecting, designing and implementing Bitdefender IoT Security solutions. Created a demo device (Raspberry Pi/OpenWRT) which emulated multiple vulnerable IoT devices to allow partners to easily demo the protection functionality.
- Based on partner feedback, implemented from scratch a caching and offline solution for Bitdefender Cloud Services. Built on Node.JS and Redis, and deployed on premises. It was tested to handle up to 20k simultaneous connections per instance, and significantly reduced load on Bitdefender Cloud while providing partners with better control.
- Supervised the Open Source use inside Bitdefender. Compiled and maintained the list of currently used Open Source libraries together with their licenses. Clarified the license for the Open Source where it was missing or unclear (often required to contact the author). Working together with Legal department, evaluated the requested 3rd party libraries for compliance, including both Open Source and commercial libraries. Educated team members on Open Source licenses, compliance rules, and the difference between GPLv2/v3.
- Provided the integration engineering support, including architecture reviews, to over 100 Bitdefender OEM technology licensees. While working directly with the licensees, analyzed the customer requirements and suggested the best architecture and integration scenario in a customer-facing environment, often in the field.
- Worked with different development teams in the company headquarters in Romania to manage the current action items and open tickets. This includes both everyday email and phone communications, and visiting the headquarters 3-5 times a year. Taught the developers the best practices for portable programming, and enhanced the teams’ productivity by suggesting and helping with deployment of different tools, such as cross-compilers to make builds faster, easier and more reliable.
- Developed the Android bytecode analyzer and the Android malware detection engine while working closely with the anti-malware research team. Created the anti-malware SDK for Android platform which used Java and C modules accessed through the JNI interface.
- Implemented a portable ICAP/SPAMD anti-malware server. The server was implemented using epoll and handled up to 1500 concurrent connections. The project also required implementing a test ICAP client which was used to test both the functionality and the performance of the product. Both the server and the client were written in C++, and supported Linux.
- Ported the anti-malware and anti-spam engines to MIPS/x86_64/PowerPC/different ARM platforms on a variety of operating systems, supporting a variety of different ABIs, hard/soft floats etc, all with minimal code changes. Involved writing and debugging machine code for a number of different CPUs.
- Participated in patent reviews to ensure that the company technology does not infringe specific patents.
- Participated in creating the new portable SDKs. Ported the existing Bitdefender SDKs to Linux/Unix, including x86_64 build. The goal was to keep the code portable between platforms, including future platforms.
- Developed a CoreDNS plugin (in golang) to integrate Bitdefender technologies with CoreDNS.
- Published a series of articles about technology licensing:
- Sharing knowledge about why companies license technology from other companies and to other companies, and explaining the biggest myth in technology licensing;
- A series of 9 articles about building a good SDK explains how to make the SDK good, why certain architecture decisions are important, and what should require absolute attention;
- Published several articles on malware and cybersecurity topics.
Aug 2005 – May 2008
Senior Unix Software Developer at Kaspersky Lab Customized Solutions, San Jose, CA
Once Kaspersky Lab decided to start licensing their anti-malware technologies, I moved to Kaspersky Lab newly established technology licensing business after moving to California in 2005. I helped build up the partner base, developed new SDKs and enhanced the old ones to make them easier to integrate, and provided necessary integration help as the only available engineer. I also continued working on various projects I worked on at Kaspersky Lab in Moscow.
- Worked closely with multiple development teams of Kaspersky Lab OEM partners to help them to integrate our technology into their products. Provided development help and support in form of e-mail communication, source code review, remote debugging and on-site visits when necessary.
- Developed a kernel module for Mac OS X 10.4+ to provide on-access scanning capabilities for Kaspersky Anti-Virus for Mac. This required extensive studying of existing MacOS X documentation and available source code, and a lot of experimental work.
- Reviewed Kaspersky implementations, and worked with the legal team to form a legal opinion confirming that the product implementation does not infringe a specific patent. Educated the developers about patents, how to read them and how to make sure the implementation does not infringe a patent.
- Ported the anti-virus engine to Mac OS X, and PowerPC CPU, AMD x86_64 and Cavium MIPS architectures.
- Modified the gcc compiler source code, for gcc to be able to automatically generate byte order independent machine code. This was intended to ease the porting of the software between little-endian and big-endian hardware platforms. The integration patch was written in C and was used during the
- After talking to partners’ software developers who used our technology, created a new API for Kaspersky SDK, and completely rewrote the SDK documentation for developers. Both SDK and documentation addressed most issues the partners complained about. After the new version was released, the number of SDK integration support issues decreased dramatically, and allowed more efficient use of company resources.
Feb 2001 – Aug 2005
Senior Software Developer, Product Architect at Kaspersky Lab HQ, Moscow, Russia
Kaspersky Lab back in 2001 was a small but promising security company offering good quality antivirus software. I joined Kaspersky Lab as a Linux software engineer hired for a specific urgent but difficult project related to porting the Kaspersky engine to Sparc platform. Once the project was successfully finished, other projects of similar difficulty and diversity followed. I handled tasks from software porting to analyzing malware and creating decompilers. During this time I was promoted to be the head of Unix product development team, reporting to CTO and supervising 7 people.
- Led a team of seven, analyzing the product requirements, preparing design documents, developing the components architecture, creating and maintaining project plans, and writing reports using MS Project and MS Office/OpenOffice. Made decisions regarding tools used for development, external libraries and tools.
- Designed and developed an automated software build system, which handled the whole UNIX software building process for all Kaspersky Lab Unix products. The system handled everything from checking out the application source code to producing ready-to-install packages. There was no Jenkins at that time.
- Designed and developed a Kaspersky Antivirus on-access kernel driver for Linux and FreeBSD.
- Reverse-engineered the compilers and created two decompilers for proprietary BASIC-type languages, for the purpose of malware analysis for the malware written in those languages.
- Designed and developed Kaspersky Anti-Virus for Sun Messaging Server and HPUX Openmail. Very strict timeline, and undocumented proprietary integration protocol, which needed to be reverse-engineered, made it an interesting project. Solved both of them rather unconventionally, and impressed our technical teams who thought it was not possible.
- Ported several components, including the anti-virus engine, from MS Windows platform to several hardware and software platforms, including x86 (Linux, FreeBSD, OpenBSD), Sparc (Solaris), HP-UX, and ARM (Linux). The challenge was that the original code was written without having portability in mind, so a lot of code was simply non-portable, and had to be rewritten. Developed a compatibility library, whose goal was to simplify the porting process. Wrote the documentation, and presented it to the company engineers to teach them about the portability issues, with instructions how to write portable code. This was very new at that time in Russia.
Feb 2000 – Feb 2001
Software Developer at ITCS International, Kiev, Ukraine
ITCS was a new company focused on custom software development, which I was honored to be invited to join as the third employee. There I worked on many different but relatively small projects for the clients around the world. In several months the company grew in size and I was leading a team of 3 developers while continuing working on diverse projects ranging from custom networking servers to Web development and Flash programming. Notable projects would include:
- Led the team of developers for the fast and secure credit card transaction server for a large financial customer. The server worked with AmEx terminals over Internet using the ISO 8583 protocol. Designed and developed the server part of the client-server solution, using C++ as a primary language. Also developed a test AmEx terminal, using Perl, to simplify automatic testing process.
- Designed and developed a Java-like (but more limited) language compiler, and its bytecode interpreter for an embedded environment. The purpose of language was to enable the non-programmer customers to program certain tasks in a simple way (and they did not want to use LUA). The language compiler was developed using flex/bison as grammar parsers, and the rest of code was written in portable C++, so it worked both under MS Windows and UNIX flavors.
Jun 1997 – Feb 2000
Software Developer at Ukrpage, Lviv, Ukraine
Ukrpage was a telecommunication company offering paging service in Ukraine. I joined the company to write new software to enhance the services offered by the company. During this time I designed, developed and maintained the full stack of the company internal software which provided paging service to the users. From the client end to the backend, everything was my responsibility. I have also implemented a number of new services, from TNPP monitor to DTMF paging and POCSAG signal validator.
Jan 1996 – May 1997
Software Developer at Eles, Ltd, Lviv, Ukraine
Eles was a small company focused on image processing. There I developed a set of libraries to handle image processing and conversion in the embedded hardware.
May 1993 – Dec 1995
Software Developer at Lviv Attraction, Lviv, Ukraine
Lviv Attraction was a state company maintaining the arcade machines in Ukraine. There I extended the functionality of existing x86-based arcade machines, fixed the firmware bugs, added Ukrainian localization and reprogrammed it to accept new Ukrainian currency.
PART-TIME PROJECTS
Those projects were done as part-time jobs, in the areas where I felt the necessity to boost up my skills or to solve an interesting technical problem.
2017-Present
AVR/C++ and Android/Java/HTML5 developer
Developed a SmartHome IoT project, which utilized Android tablets as user interface to control various home devices – sprinklers, thermostats, door locks and so on. Designed, traced and built hardware based on AT90USB647 and ATTINY85, from creating the schematics and tracing the PCB (in Kicad) to building working prototypes. Wrote both the Android UI part (which implemented Web-based UI, allowing to show the same UI on multiple devices) and the controller part. The controller read the data from sensors (BME280 and DS1820) and sent it to Android via USB by emulating the Android Accessory API.
2010-2016
C++ Software Developer and Architect at Citrix (formerly ScaleXtreme, Inc)
ScaleXtreme was a company (acquired by Citrix) which provided the cloud management service for virtual machines. I was honored to be invited to join ScaleXtreme on a part-time basis, as the company was founded by my ex-colleagues. There I designed and developed the overall software architecture linking the components together, designed the secure communication system among them and created and maintained the discovery server component, which is a central piece linking the components together.
- Participated in designing the complete cloud application architecture. Suggested some key features, created and maintained design documents.
- Designed and developed the networking server which tracks different cloud components, helps them to find each other, retrieve the information about other connected components, and initiate inter-component communications. The server supports up to 50,000 simultaneous connections, uses client and server certificates for mutual authentication, uses TLS for encryption, and will support scaling. The server was written in C++, used epoll and OpenSSL.
- Developed the high performance proxy server for Windows and Linux to work in the disconnected environments. The server used OpenSSL and used epoll on Linux and IOCP on Windows. The challenge was to keep the shared codebase, and it was successful.
2008-2014
Python porting / Qt GUI development at Lexam Research
Lexam Research is a company offering the simulation software to scientists, which acquired some projects I worked on at Calabazas Creek Research. I joined it on a project basis, working periodically on different projects as needed.
- Ported a large UI application with over 120 dialogs from Python to C++. The functionality was also extended as requested by the customer. The project was written in C++ using Qt 4, uses gcc on Unix, and MinGW and NSIS installer on MS Windows. Perl scripts were also created to convert a large number of dialogs into UI files. A set of build scripts has been created to build both Windows and Linux version directly from Linux workstation using cross-compiled MinGW compiler and NSIS for Linux.
Summer 2009
Networking / ICAP Linux development at Infowatch
- Created an ICAP server for intercepting the HTTP traffic to detect the leaked information. The server supported a requested subset of ICAP commands plus mandatory minimum required by RFC. The server passed the content to an external shared library using the agreed upon interface which was discussed with, and approved by the company. The server supported 204, keep-alive and other advanced options, but provided workarounds for the ICAP clients which did not support them. Written in portable C++, ICAP server was developed primarily for Linux, but should work on any other platform with pthreads.
2006-2009
GUI / Qt development for Linux/Windows at Calabazas Creek Research
- Ported the plasma engine simulation toolkit to Qt4 and Linux. The main challenge was to port the graphics code, which used Dislin graphics library. Dislin was a closed-source library with a sparse documentation, which did not document its internals, so some reverse engineering was necessary. The project was written in C++ using Qt 4. The project has been finished with two people, and I worked with another engineer who I found, trained and supervised.
- Implemented the complex GUI to a scientific application. The GUI was mostly used on Microsoft Windows, but since there was a possibility to run the application on OS X the Qt Toolkit was used again. The GUI was very complex, having more than 60 dialog windows, and a dozen of custom widgets, so the proper architecture and separating common code was a must. While the GUI itself wasn’t a major challenge, the number of windows, and their combinations, required a lot of effort to keep the code base maintainable, since the whole project has been done by one person. The expression evaluator module required good knowledge of bison and flex as well as their integration into C++ language, and into qmake build system. The project was written in C++ using Qt 4, uses gcc and rpm on Unix, and MinGW and NSIS installer on MS Windows. A set of build scripts has been created to build both Windows and Linux version directly from Linux using cross-compiled MinGW compiler and NSIS for Linux. The project took approximately one man-year of part-time work.
- Ported the physics simulation toolkit to Windows/Linux/MacOSX using Qt4. The original source code was written in C++ using xlib X Window functions, so X Window knowledge was required to complete the port. An important requirement was to provide the source code compatibility with applications using the toolkit.
2006-2007
System library development at Centromeric, Inc.
- Created a generic abstraction interface to provide the company’s application a consistent interface to intercept and sometimes alter the system calls across Linux operating systems. The goal was to add extra functionality to any application without having access to the application source code. This new functionality allowed the application designed to manipulate local files, to access and manipulate files and other objects on remote computers. The project required deep systems level knowledge to overcome implementation differences across multiple operating systems. The project was coded in C/C++ using GCC and has been tested on Linux Red Hat 7.3 and above.
- Created a method to intercept and change the Win32 API calls for a specific Windows binary. The goal was to add extra functionality to any application without having access to the application source code, or patching it. This new functionality allowed the application designed to manipulate local files, to access and manipulate files and other objects on remote computers. The project required deep understanding of PE files format, Windows system calls and good knowledge of x86 Assembler to write a loader and to debug problems. The project was coded in C++ and x86 assembler using mingw and MSVC, and supported Windows 2000, XP and 2003.
September 2005
GUI / Qt development for Windows at Skyler.
- Developed a GUI according to the draft specification. The company had to make the product available on a very short call. The goal was to develop GUI for the data processing library according to the API provided. While the GUI itself was not that complex, requiring only several custom widgets and had less than ten total windows, the very short deadline was a challenge – five calendar days (with two weekend days) for the whole project, including QA and integration. The development was done on Linux using Qt4, and additionally tested and debugged on Windows. KDevelop and Visual C++ were used as IDEs. The project was finished on time.
OPEN SOURCE PROJECTS
Author and developer of the following Open Source projects, which are freely available together with the source code:
- Author and maintainer of Kchmviewer located at http://sourceforge.net/projects/kchmviewer. This is a free viewer for CHM (Compiled Help Manual) files. It has a number of unique features such as tab browsing and the best support for non-English CHM files including search. The only CHM viewer with native KDE support. Stable, mature version, with the first release in 2005 using Qt3, and then successfully ported to Qt4 and then to Qt5 application. Released under GNU General Public License.
- Author of Karaoke Lyrics Editor located at http://sourceforge.net/projects/karlyriceditor. This is an editor for lyrics files for Karaoke songs, allowing users to create their own Karaoke songs in popular formats, including CD-G export. It uses Qt5 framework, and SDL and FFMpeg to play music files, and export the lyric videos. First release in 20XX. Available under GNU General Public License.
- Author of libircclient located at http://sourceforge.net/projects/libircclient. This is IRC client library, which handles everything someone needs to build their own IRC client or bot. Stable, mature version, started in 2004 and completed in 2005 but still supported and used by several other projects. The API is well-documented here: http://sourceforge.net/projects/libircclient/files/libircclient/1.7/libircclient-1.7.pdf. Released under GNU General Public License.
- Author of Spivak Karaoke Player located at https://github.com/gyunaev/spivak. This is a free, open-source, cross-platform Karaoke player supporting Linux, Windows and Mac OS X. It supports a large number of Karaoke formats, including some reverse-engineered ones. It also has an impressive set of features, including modern responsive Web interface based on HTML5/AJAX. It is implemented using Qt5 and GStreamer multimedia framework, integrated into Travis CI, and is available since 2016 under GNU General Public License.
Authored several articles on software development, reverse engineering and system administration:
- How to send and receive data between your IoT device and Android device using USB;
- Two articles about multimedia frameworks: Why you shouldn’t probably use Qt5 QMediaPlayer and QtMultimedia, FFMpeg, Gstreamer: comparing multimedia frameworks;
- select / poll / epoll for system architects (http://www.ulduzsoft.com/?p=816) is an article which covers the difference between those polling methods and explains when each method is applicable.
- How does the reverse engineering work (http://www.ulduzsoft.com/?p=636) – this is a series of four posts which explains how the reverse engineering works to the general public using some popular file formats as an example. Part 4 (http://www.ulduzsoft.com/?p=651) is advanced, and explains how even an encrypted file format could be reversed in some cases.
- FontPreference dialog for Android (http://www.ulduzsoft.com/?p=579) explains how to implement the font selection dialog on Android. Other articles on the same topic include ChooseFile/ChooseDirectory dialog, and ColorPreference dialog.
PROFESSIONAL CERTIFICATION
Certified by Coursera in the following Cybersecurity specialization courses:
- Software Security (Apr 2015) with distinction;
- Hardware Security (May 2015) with distinction;
- Cryptography (May 2015) with distinction;
- Usable Security (Sep 2015) with distinction.
Passed the ‘Writing Secure Code’ course by Stanford (Nov 2014)
EDUCATION
B.S. from Lviv National Polytechnic University in Ukraine. The degree and the diploma have been evaluated by the U.S. professional evaluation agency to be equivalent to the Bachelor of Science in Systems and Control Engineering.
HOBBIES
My passion is traveling – I have visited 62 countries (mostly in Europe and Asia) and been to 24 states. I am an experienced skydiver, ride the wakeboard and enjoy camping and outdoors.
REFERENCES
Excellent professional and personal references available.