Natalie Somersall

🗺️ Denver, CO metro area

✍🏻 Blog - https://some-natalie.dev

🎤 Speaking - https://some-natalie.dev/speaking

👩🏻‍💻 GitHub - https://github.com/some-natalie

💼 LinkedIn - https://www.linkedin.com/in/nsomersall


Chainguard - Principal Solutions Engineer, 2024-present

  • Build Public Sector sales at a startup as the first solutions engineer dedicated to the vertical. Grow the team within a year to include a manager and several peers supporting sales team growth.
  • Facilitate proof of concepts on complex migrations into containerized workloads, regulated artificial intelligence (AI) applications, promotion across air-gaps and other compliance boundaries as needed, and adoption of FIPS-validated cryptography.
  • Set up delivery on secure networks, meeting customers where they are to expand market access.
  • Demonstrate business value of application security and software supply chain best practices to a myriad of regulatory frameworks and guidelines, now including NIST Secure Software Development Framework and Application Container Security Guide.

GitHub - Senior Solutions Engineer, 2021-2024

  • Partner exclusively with the most security-conscious customers, guiding them on meeting their development and security needs within the entire GitHub Enterprise platform and integrations.
    • Evaluating and securely deploying artificial intelligence (AI) across the development lifecycle, then assessing business and application security impacts
    • Automating and building the infrastructure to support it safely
    • Cultural changes of internal collaboration
    • Rolling out application security programs company-wide
    • Cybersecurity deployment and compliance planning (eg, CMMC, ITAR, FedRAMP, SOX) of enterprise software factories
  • Consistent quota attainment of over 150% every half.
  • Develop custom solutions such as human-friendly Kubernetes runners, managing an enterprise-wide security team across the largest GitHub customers, and other projects you can browse here.
  • Thought leadership, speaking and writing about developer problems within regulated industries, and customer advocacy within our Product and Engineering teams.
  • Mentorship throughout the solutions team to ensure continued career and sales growth.

Booz Allen Hamilton - Lead Engineer, 2015-2021

  • Lead consolidation of developer tools within CMMC and ITAR compliance including:
    • Plan of Action and Milestones (POA&M) management for all findings in these enterprise-wide systems
    • Application security tools to centralized reporting within Cybersecurity Team
    • Source control to GitHub Enterprise Server (several thousand active users)
    • CI/CD to GitHub Actions in on-premises bare-metal Kubernetes
    • Custom audit reports, saving thousands of dollars per year in time spent on audits per consolidated system decommissioned
    • Drive adoption via migration on support and community engagement, saving hundreds of thousands of dollars in reduced support ticket volume each year
  • Develop a data lake for actionable business insights into developer productivity, tool adoption trends across several dozen sources, and talent planning.
  • Lead a team for Linux infrastructure operations for Cybersecurity and Incident Response supporting diverse needs for threat hunting, penetration testing, incident response, and vulnerability management.
  • Develop infrastructure for exploratory AI/ML workloads with white-box GPUs and custom Linux kernel versions (similar to fedora-acs-override) for effective scheduling across tenants.
  • Create critical cross-team business processes for software development firm-wide.
    • Open-source license risk assessment and mitigation
    • Automated compliance auditing and alerting for developer tools
    • Revamp the process to open-source internally developed software
  • Consolidate Global Hosting Services environments via Rundeck and vSphere.
    • Rewrite cron jobs, calendar events, handwritten docs, and many scripting languages
    • Create, test, and deploy configuration management with SaltStack
  • 🛠️ Container Escapes 101 (August 2025), an interactive workshop at the AppSec Village at DEF CON 33. Let’s figure out if we’re in a container, chart our path out, and try out some container escapes live! (link, slides, writeup, and demos)
  • 🎙️ Signing and Verifying Multi-Architecture Containers with Sigstore (June 2025) at OpenSSF Community Day NA 2025. We’ll run through real-world weirdness I’ve helped folks through managing multi-architecture images at scale, including how some registries and pull-through caches behave unexpectedly with other enterprise software. (slides with writeup, YouTube)
  • 🎙️ A Gentle Introduction to Container Security (June 2025) at BSides Boulder crafts a threat model of containerized applications for developers, security engineers, and policymakers alike. We’ll break down the key security risks at each layer of the container ecosystem while providing actionable insights for assessing and mitigating threats. (slides with writeup)
  • 🎙️ Whodunnit? A git repo mystery (June 2024) at BSides Boulder recounts many lessons learned the hard way to figure out who did what, when, where, and why in a git repository - then prove it in an audit. (slides with writeup, YouTube)
  • Adjunct Instructor, ITT Technical Institute, Salem, VA (2011 – 2013) - Courses taught include Linux System Administration, IP Networking (CCNA exams 1-3), Database Development (SQL), Structured Cabling, Windows Desktop Support, Windows Server and Exchange Server.

Education