Natalie Somersall

🗺️ Washington, DC and Denver, CO metro areas

✍🏻 Blog - https://some-natalie.dev

🎤 Speaking - https://some-natalie.dev/speaking

👩🏻‍💻 GitHub - https://github.com/some-natalie

💼 LinkedIn - https://www.linkedin.com/in/nsomersall


Chainguard - Principal Solutions Engineer, 2024-present

  • Build Public Sector sales as the first engineer dedicated to the vertical. Ramp and mentor the team to a dozen engineers, each with growing territories to drive millions in revenue from greenfield.
  • Lead first-of-its-kind proof of concepts on complex migrations into containerized workloads, regulated artificial intelligence (AI) applications, promotion across air-gaps and other compliance boundaries as needed, and adoption of FIPS-validated cryptography.
  • Set up delivery on secure networks, meeting customers where they are to expand market access.
  • Demonstrate business value of application security and software supply chain best practices to a myriad of regulatory frameworks and guidelines, now including NIST Secure Software Development Framework and Application Container Security Guide.
  • Executive briefings and thought leadership to support a rapidly-growing technology and audience.

GitHub - Senior Solutions Engineer, 2021-2024

  • Partner exclusively with the most security-conscious customers, guiding them on meeting their development and security needs within the entire GitHub Enterprise platform and integrations.
    • Evaluating and securely deploying artificial intelligence (AI) across the development lifecycle, then assessing business and application security impacts
    • Automating and building the infrastructure to support it safely
    • Cultural changes of internal collaboration
    • Rolling out application security programs company-wide
    • Cybersecurity deployment and compliance planning (e.g., CMMC, ITAR, FedRAMP, SOX) of enterprise software factories
  • Consistent quota attainment of over 150% every half.
  • Develop custom solutions such as human-friendly Kubernetes runners or managing an enterprise-wide security team across the largest GitHub customers.
  • Thought leadership, speaking and writing about developer problems within regulated industries, and customer advocacy within our Product and Engineering teams.
  • Mentorship throughout the solutions team to ensure continued career and sales growth.

Booz Allen Hamilton - Lead Engineer, 2015-2021

  • Lead consolidation of developer tools within CMMC and ITAR compliance including:
    • Plan of Action and Milestones (POA&M) management for enterprise-wide systems
    • Application security tools to centralized reporting within Cybersecurity Team
    • Source control to GitHub Enterprise Server (several thousand active users)
    • CI/CD to GitHub Actions in on-premises bare-metal Kubernetes
    • Custom audit reports, saving thousands of dollars per year on audits per consolidated system
    • Drive adoption via migration on support and community engagement, saving hundreds of thousands of dollars in reduced support ticket volume each year
  • Develop a data lake for actionable business insights into developer productivity, tool adoption trends across several dozen sources, and talent planning.
  • Lead a team for Linux infrastructure operations for Cybersecurity and Incident Response supporting threat hunting, insider risk, penetration testing, incident response, and vulnerability management.
  • Develop infrastructure for exploratory AI/ML workloads with white-box GPUs and custom Linux kernel versions (similar to fedora-acs-override) for effective scheduling across tenants.
  • Create critical cross-team business processes for software development firm-wide.
    • Open-source license risk assessment and mitigation
    • Automated compliance auditing and alerting for developer tools
    • Revamp the process to open-source internally developed software
  • Consolidate Global Hosting Services environments via Rundeck, vSphere, and SaltStack.
  • 🛠️ Container Escapes 101 (August 2025), an interactive workshop at the AppSec Village at DEF CON 33. Let’s figure out if we’re in a container, chart our path out, and try out some container escapes live! (link, writeup and demos)
  • 🎙️ Signing and Verifying Multi-Architecture Containers with Sigstore (June 2025) at OpenSSF Community Day NA 2025. We’ll run through real-world weirdness managing multi-architecture images at scale, including how some registries and pull-through caches behave unexpectedly with other enterprise software. (slides with writeup, YouTube)
  • 🎙️ A Gentle Introduction to Container Security (June 2025) at BSides Boulder crafts a threat model of containerized applications for developers, security engineers, and policymakers alike. We’ll break down the key security risks at each layer of the container ecosystem while providing actionable insights for assessing and mitigating threats. (slides with writeup)
  • 🎙️ Whodunnit? A git repo mystery (June 2024) at BSides Boulder recounts many lessons learned the hard way to figure out who did what, when, where, and why in a git repository - then prove it in an audit. (slides with writeup, YouTube)
  • Adjunct Instructor, ITT Technical Institute, Salem, VA (2011 – 2013) - Courses taught include Linux System Administration, IP Networking (CCNA exams 1-3), Database Development (SQL), Structured Cabling, Windows Desktop Support, Windows Server and Exchange Server.

Education