https://some-natalie.dev/ Things I'm learning, working on, or thinking about. All opinions and snark my own. 2026-04-03T19:11:02-06:00 Natalie Somersall https://some-natalie.dev/ Jekyll © 2026 Natalie Somersall /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-03-31T00:00:00-06:00 2026-03-31T00:00:00-06:00 https://some-natalie.dev/blog/chargeback-buildout/ Natalie Somersall

We left off with a laptop and a database serving as a bare-minimum proof of concept. It works, but not enough to be usable. Starting a project from scratch doesn’t have to be toil. Moving this into “real infrastructure” gave me an opportunity to implement quality of life improvements. Let’s do databases better this time By this point, the project had expanded beyond one person’s exploratio...

2026-01-25T00:00:00-07:00 2026-01-27T10:20:41-07:00 https://some-natalie.dev/blog/fipsd-it/ Natalie Somersall

Cryptography seems deceptively simple until you get into implementation. Tempted by shortcuts to save money, organizations ship something “just good enough” to pass compliance checks. I see this all the time working with the public sector and companies in highly-regulated industries making new products or trying to enter the market for the first time. Just when you think you’ve done everythi...

2026-01-04T00:00:00-07:00 2026-03-31T22:29:46-06:00 https://some-natalie.dev/blog/chargeback-basics/ Natalie Somersall

How do you know how much each business unit is using across any number of licensed software or consumably-billed SaaS or compute products? Let’s scope actually doing this having done it before. It sounds a lot easier when I started than it was when finished, yet it’s one of the most common stories I’m asked to tell. There’s some trauma here, but lots of lessons learned too. 😅 This is the...

2025-11-22T00:00:00-07:00 2025-11-23T08:53:14-07:00 https://some-natalie.dev/blog/image-risks/ Natalie Somersall

You’ve locked down your runtime, orchestrator, and hosts. Now how about what’s actually running inside of those containers? Container images are too often treated as black boxes until something goes wrong. Different scanning tools can give wildly different results, vulnerabilities hide in plain sight, and that “secure” base image might do no good if you’re configuring it poorly. Welcome to t...

2025-11-12T00:00:00-07:00 2025-11-22T21:09:08-07:00 https://some-natalie.dev/blog/registry-risks/ Natalie Somersall

All of these containers are images … somewhere. That ‘somewhere’ is an artifact (or container) registry. What risks can we find in our container registry? Broadly speaking, there are two types of container registries - public registries and private registries. Public registries are websites on the open internet that anyone can publish their software too. These include a ton of popular webs...