Security architect · Developer advocate · Open source community builder

I work at the intersection of AI infrastructure, digital sovereignty, and the communities that build on both. My career has been about one thing: translating complex systems into things engineers actually want to engage with. Open source projects, keynotes, curricula, writing, community programmes. I care deeply about who controls the infrastructure AI runs on, and I build tools and spaces to help engineers think clearly about that.

Right now I'm Technical Director at Gadfly AI LLC, working on AI governance tooling for high-stakes sectors. I helped found the OpenSSF AI/ML Working Group and I'm still actively mentoring a community of security engineers through OpenSSF.

My Github/Codeberg contributions were lower than usual in 2025 because I sat down and wrote Code, Chips and Control (Leanpub, 2025). It was worth the time, and it is worth the read.

An open source analysis of tribal sovereignty posture with data, software and hardware attestation. It uniquely closes a gap between compliance documentation and operational reality because it was originally built for Pueblo and Tribal governments: where the stakes around data sovereignty, jurisdictional provenance, and attestation are higher than anywhere else in the regulatory landscape. That discipline now extends to engineers navigating the EU AI Act, DORA, NIS2, and beyond. The tool verifies that technical implementations actually satisfy their stated controls that anyone can use, and a version built for easy use by tribal community structures of consent and sovereignty.

Keynotes

• FOSDEM 2026 Mainstage Cybersecurity Keynote: The Hidden Life of Infrastructure: How Control Moves Through Code, Chips and Nations
• Open Computing (OC3) Keynote 2024: The Road Ahead: How Confidential Computing Will Evolve
• Open Source Day Keynote, Florence 2025: Law and Technology: Foundations and Future of Computational Justice
• State of Open UK 2023 Keynote: Regulation by Telemetry: How to Fix Open Source Security by 2030

Panels & Talks

• KubeCon EU 2026: Practical Preparation for the Next Software Supply Chain Attack; Platform Engineering & Zero-Day Preparation
• FCC Technical Advisory Committee 2022: Open Source: Safe Uses of AI and ML (invited presenting member)
• AI.Dev Summit: Why a Universal Definition of Open Source AI is Essential for Humanity
• OSS North America 2024: Hardware in Space: The Kernel at the Edge of the Universe
• SLOConf 2022: Culture Clash: DevOps and Security

• 📘 Code, Chips and Control: The Security Posture of Digital Isolation (Leanpub, 2025)
• 📝 Open Source is Dead: Understanding the HashiCorp License Controversy — HackerNoon Editorial Selection, 2023 · 19,233 reads
• 📝 Open Source is Not Dead...It's Just Forked — HackerNoon, 2025
• 🖊️ Aeon Essays: longer-form writing on technology, ethics, and systems
• 📡 Confidential Computing Blog · HackerNoon · Security Boulevard

• Co-founder and contributor, OpenSSF AI/ML Working Group: helped establish the working group and continue contributing to Security Scorecard and AI Risk Management guidance
• Co-Maintainer, CHAOSS Data Science Working Group: open source metrics for project health, sustainability, and security posture
• OpenUK International Ambassador (2021 to 2025): co-authored AI for Public Good report delivered to the House of Lords
• Community organiser: founded Nightmare Before Coding in London; currently building Immutable
• Director, OurWorlds Inc.: cybersecurity and privacy governance for an extended-reality platform serving Indigenous communities

• The Present Dev Podcast: Host
• Breaking Barriers: Open Source Cybersecurity and Mentorship: TechStrong TV
• Cybersecurity Attacks on Developers: The Data Standard

• 2025: Top 100 Women in AI Ethics™
• 2024: Security Woman of the Year, Security Excellence Awards (Shortlisted)
• 2023: Most Innovative Tech Leader, Innovation in UK Business Awards
• 2023: UK Top 50 Open Source Contributor, OpenUK + ARM Exhibition
• 2020: CodeWorks Code Educator Award

I mentor a small cohort of developers and early-career researchers working at the points and intersections of cybersecurity, high performance compute and open source goverance. If that sounds like you, reach out and tell me about the open source project you are building, who you are building it for, and why.

LinkedIn · salkimmich.com · HackerNoon

Before you go: a poem I come back to when I need reminding to build with both resilience and wonder. The Pragmatist's Guide to Magic.