About

Lightfoot Labs is run by Jaime Lightfoot, who is an independent security researcher, EE, and full-stack developer with over 10 years of experience. She specializes in embedded systems within trucking, automotive, and other critical infrastructure, helping companies find and assess vulnerabilities and working with their engineers to fix the gaps. She is a long-time CTF player, infosec speaker, and volunteer.

Back when I was fresh out of college and a newly minted electrical engineer, I continued to teach myself new skills and languages, and documented all of it on a personal blog deemed my “laboratory”. I realize now that the handful of visits that appeared on my analytics page were likely just bots, but I loved sharing my knowledge nonetheless.

While that blog is no longer up, it was the origin of the name Lightfoot Labs. That tradition of sharing what I’ve learned turned into a business in late 2022 focusing on security training, and has since expanded into other areas.

Experience

I have over a decade of experience in embedded systems, software development, and security.

  • I graduated with a BSEE from Grand Valley State University and was inducted into the engineering honor society (Tau Beta Pi). Later, I was invited back to teach the Intro to Embedded Systems laboratories.
  • Experience with embedded hardware design (schematic and layout work using Mentor Graphics, EagleCAD and KiCad) for automotive testing, military, and consumer products.
  • Firmware development and testing (in C) for heavy trucking safety applications, commercial food products and furniture manufacturing.
  • Custom software development for a range of customers from Fortune 500 to startups, across 12 languages, in web, mobile, IoT and desktop. This includes heavy trucking telematics, “smart” furniture, upgrading trucking maintenance software, and logistics software.
  • Security testing including pentesting of heavy trucking, automotive, and ICS products for a variety of OEMs and Tier 1 Suppliers; research and recommendations for secure design; and technical writing and whitepapers for partner organizations. I also hold my OSCP.
  • Security trainings including running US Cyber Challenge’s CTF for the past 5 years, building the first hands-on ICS CTF at my previous employer, developing presentations for area companies to identify security risks within projects and teams, teaching web hacking alongside SANS instructors at USCC’s bootcamp, and other hands-on labs.

I believe that in this industry, technical skills are table stakes. Working face-to-face with customers as a consultant, plus my background actually building the systems I now test, allows me to provide recommendations that are not only pragmatic but empathetic. Positive change does not happen through pie-in-the-sky advice or demeaning interactions with the SMEs who will be applying mitigations, so I focus on building relationships as a crucial part of my security efforts.

Talks

I have presented at a number of conferences and meetups, including:

  • “Securing Legacy Maintenance Software” at NMFTA Cybersecurity Conference (10/2024)
  • “Hacking Trucks through RP1210 Shimming Attacks” at GrrCon (9/2024)
  • “CANBus” for SANS ICS Concepts (5/2021)
  • “Intro to Hardware Hacking with a DRM’d LED Mask” at Grimmcon 0x4 (3/2021) and Great Lakes Security Conference (4/2021)
  • “Car (to Cloud) Talk: Using MQTT for Car Hacking” at Car Hacking Village (8/2020) and ASRG (8/2020)
  • “Exploit Education: From Your First BoF to Writing Shellcode” at USCC (7/2020)
  • “Security Research 101: Exploit Discovery & Engineering” for GR-ISSA (1/2020)
  • “The Birds and the PCBs: Where Baby Circuit Boards Come From” workshop for Diana Initiative (8/2019)
  • “World Building as a Service” for an internal company conference (3/2018)

Community Involvement

One of my favorite things about the cybersecurity and software communities is the sharing and DIY spirit. To give back, I have:

  • Created CTF challenges for The Diana Initiative and Car Hacking Village (at Defcon)
  • Served as SoftwareGR Speaker Series director, finding and hosting speakers across the country to present in Grand Rapids on a range of software topics.
  • Served as SoftwareGR treasurer and board member, helping direct fundraising efforts and educational initiatives year-round.
  • Served as Change the Code (formerly Bitcamp) board member and instructor, teaching middle school girls about software development at daycamps, and directing a rebrand.
  • Done miscellaneous mentoring and volunteering at conferences… if you are trying to get into the field, send me an email!