Natalie Somersall

🗺️ Denver, CO metro area

✍🏻 Blog - https://some-natalie.dev

🎤 Speaking - https://some-natalie.dev/speaking

👩🏻‍💻 GitHub - https://github.com/some-natalie

💼 LinkedIn - https://www.linkedin.com/in/nsomersall


Chainguard - Principal Federal Solutions Engineer, 2024-present

  • Build Federal sales at a startup as the first solutions engineer dedicated to the vertical.
  • Facilitate proof of concepts on complex containerized applications, promoting across airgaps and other compliance boundaries as needed.
  • Demonstrate business value of application security and software supply chain best practices to a myriad of regulatory frameworks and guidelines, now including NIST Secure Software Development Framework and Application Container Security Guide.

GitHub - Senior Solutions Engineer, 2021-2024

  • Partner exclusively with the most security-conscious customers, guiding them on meeting their development and security needs within the entire GitHub Enterprise platform and integrations.
    • Evaluating and securely deploying artificial intelligence (AI) across the development lifecycle, then assessing business and application security impacts
    • Automating and building the infrastructure to support it safely
    • Cultural changes of internal collaboration
    • Rolling out application security programs company-wide
    • Cybersecurity deployment and compliance planning (e.g., CMMC, ITAR, FedRAMP, SOX) of enterprise software factories
  • Consistent quota attainment of over 150% every half.
  • Develop custom solutions such as human-friendly Kubernetes runners, managing an enterprise-wide security team across the largest GitHub customers, and other projects you can browse here.
  • Thought leadership, speaking and writing about developer problems within regulated industries, and customer advocacy within our Product and Engineering teams.
  • Mentorship throughout the solutions team to ensure continued career and sales growth.

Booz Allen Hamilton - Lead Engineer, 2015-2021

  • Lead consolidation of developer tools within CMMC and ITAR compliance including:
    • Plan of Action and Milestones (POA&M) management for all findings in these enterprise-wide systems
    • Application security tools to centralized reporting within Cybersecurity Team
    • Source control to GitHub Enterprise Server (several thousand active users)
    • CI/CD to GitHub Actions in on-premises bare-metal Kubernetes
    • Custom audit reports, saving thousands of dollars per year in time spent on audits per consolidated system decommissioned
    • Drive adoption via migration support and community engagement, saving hundreds of thousands of dollars in reduced support ticket volume each year
  • Develop a data lake for actionable business insights into developer productivity, tool adoption trends across several dozen sources, and talent planning.
  • Lead a team for Linux infrastructure operations for Cybersecurity and Incident Response supporting diverse needs for threat hunting, penetration testing, incident response, and vulnerability management.
  • Develop infrastructure for exploratory AI/ML workloads with white-box GPUs and custom Linux kernel versions (similar to fedora-acs-override) for effective scheduling across tenants, among other in-house solutions.
  • Create critical cross-team business processes for software development firm-wide.
    • Open-source license risk assessment and mitigation
    • Automated compliance auditing and alerting for developer tools
    • Revamp the process to open-source internally developed software
  • Consolidate Global Hosting Services environments via Rundeck and vSphere.
    • Rewrite cron jobs, calendar events, handwritten docs, and many scripting languages
    • Create, test, and deploy configuration management with SaltStack

Related experience

  • 🎙️ Whodunnit? A git repo mystery (June 2024) at BSides Boulder recounts many lessons learned the hard way to figure out who did what, when, where, and why in a git repository - then prove it in an audit. (slides with writeup shortly after talk)
  • 🎙️ A Gentle Intro to Container Escapes (March 2024) at Pancakescon 5 is an overview of what a container is, a demonstration of how to escape from it, and common ways to prevent this exploit. (slides with writeup)
  • 🎙️ Threat Modeling the GitHub Actions Ecosystem (June 2023) at BSides Boulder is a tour through the four questions outlined in the Threat Modeling Manifesto to create an enterprise-ready threat model for implementing GitHub Actions securely. (slides with writeup, YouTube)
  • 🎙️ Securing Self-Hosted GitHub Actions with Kubernetes and Actions-Runner-Controller (February 2023) at CNCF CloudNativeSecurityCon North America is a deep dive into the security considerations of running self-hosted GitHub Actions compute with actions-runner-controller. (slides with writeup, YouTube)

Related prior employment

  • Adjunct Instructor, ITT Technical Institute, Salem, VA (2011 – 2013) - Courses taught include Linux System Administration, IP Networking (CCNA exams 1-3), Database Development (SQL), Structured Cabling, Windows Desktop Support, Windows Server and Exchange Server.

Education

  • Master of Science in Engineering from Virginia Tech (2012)
  • Bachelor of Science in Engineering from Virginia Tech, double major (2010)