Natalie Somersall

🗺️ Denver, CO metro area

✍🏻 Blog - https://some-natalie.dev

🎤 Speaking - https://some-natalie.dev/speaking

👩🏻‍💻 GitHub - https://github.com/some-natalie

💼 LinkedIn - https://www.linkedin.com/in/nsomersall


Chainguard - Principal Solutions Engineer, 2024-present

  • Build Public Sector sales at a startup as the first solutions engineer dedicated to the vertical. Grow the team within a year to include a manager and several peers supporting sales team growth.
  • Facilitate proof of concepts on complex migrations into containerized workloads, regulated artificial intelligence (AI) applications, promotion across air-gaps and other compliance boundaries as needed, and adoption of FIPS-validated cryptography.
  • Set up delivery on secure networks, meeting customers where they are to expand market access.
  • Demonstrate business value of application security and software supply chain best practices to a myriad of regulatory frameworks and guidelines, now including NIST Secure Software Development Framework and Application Container Security Guide.

GitHub - Senior Solutions Engineer, 2021-2024

  • Partner exclusively with the most security-conscious customers, guiding them on meeting their development and security needs within the entire GitHub Enterprise platform and integrations.
    • Evaluating and securely deploying artificial intelligence (AI) across the development lifecycle, then assessing business and application security impacts
    • Automating and building the infrastructure to support it safely
    • Cultural changes of internal collaboration
    • Rolling out application security programs company-wide
    • Cybersecurity deployment and compliance planning (e.g., CMMC, ITAR, FedRAMP, SOX) of enterprise software factories
  • Consistent quota attainment of over 150% every half.
  • Develop custom solutions such as human-friendly Kubernetes runners, managing an enterprise-wide security team across the largest GitHub customers, and other projects you can browse here.
  • Thought leadership, speaking and writing about developer problems within regulated industries, and customer advocacy within our Product and Engineering teams.
  • Mentorship throughout the solutions team to ensure continued career and sales growth.

Booz Allen Hamilton - Lead Engineer, 2015-2021

  • Lead consolidation of developer tools within CMMC and ITAR compliance including:
    • Plan of Action and Milestones (POA&M) management for all findings in these enterprise-wide systems
    • Application security tools to centralized reporting within Cybersecurity Team
    • Source control to GitHub Enterprise Server (several thousand active users)
    • CI/CD to GitHub Actions in on-premises bare-metal Kubernetes
    • Custom audit reports, saving thousands of dollars per year in time spent on audits per consolidated system decommissioned
    • Drive adoption via migration on support and community engagement, saving hundreds of thousands of dollars in reduced support ticket volume each year
  • Develop a data lake for actionable business insights into developer productivity, tool adoption trends across several dozen sources, and talent planning.
  • Lead a team for Linux infrastructure operations for Cybersecurity and Incident Response supporting diverse needs for threat hunting, penetration testing, incident response, and vulnerability management.
  • Develop infrastructure for exploratory AI/ML workloads with white-box GPUs and custom Linux kernel versions (similar to fedora-acs-override) for effective scheduling across tenants.
  • Create critical cross-team business processes for software development firm-wide.
    • Open-source license risk assessment and mitigation
    • Automated compliance auditing and alerting for developer tools
    • Revamp the process to open-source internally developed software
  • Consolidate Global Hosting Services environments via Rundeck and vSphere.
    • Rewrite cron jobs, calendar events, handwritten docs, and many scripting languages
    • Create, test, and deploy configuration management with SaltStack
  • 🎙️ Whodunnit? A git repo mystery (June 2024) at BSides Boulder recounts many lessons learned the hard way to figure out who did what, when, where, and why in a git repository - then prove it in an audit. (slides with writeup, YouTube)
  • 🎙️ A Gentle Intro to Container Escapes (March 2024) at Pancakescon 5 is an overview of what containers are, a demonstration of a few escape paths, and common ways to prevent this exploit. (slides with writeup, YouTube)
  • 🎙️ Threat Modeling the GitHub Actions Ecosystem (June 2023) at BSides Boulder is a tour through the four questions outlined in the Threat Modeling Manifesto to create an enterprise-ready threat model for implementing GitHub Actions securely. (slides with writeup, YouTube)
  • 🎙️ Securing Self-Hosted GitHub Actions with Kubernetes and Actions-Runner-Controller (February 2023) at CNCF CloudNativeSecurityCon North America is a deep dive into the security considerations of running self-hosted GitHub Actions compute with actions-runner-controller. (slides with writeup, YouTube)
  • Adjunct Instructor, ITT Technical Institute, Salem, VA (2011 – 2013) - Courses taught include Linux System Administration, IP Networking (CCNA exams 1-3), Database Development (SQL), Structured Cabling, Windows Desktop Support, Windows Server and Exchange Server.

Education