pethers/README.md

CEO/Founder Hack23 | Security & Open Source Expert | Cloud Security Specialist | Information Security Professional

Website | LinkedIn | GitHub | OpenHub


Strong advocate for transparency in organizations, secure software development practices, and innovative open source solutions. Experienced security professional with over 30 years in information technology, specializing in security architecture, cloud security, and compliance. Prior roles include Application Security Officer at Stena, Information Security Officer at Polestar, and Senior Security Architect at WirelessCar.


🔐 Commitment to Transparency and Security

At Hack23 AB, we believe that true security comes through transparency and demonstrable practices. Our Information Security Management System (ISMS) is publicly available, showcasing our commitment to security excellence and organizational transparency.

📋 Public ISMS Repository

Complete Information Security Management System documentation

ISMS Public Repository

🔒 Information Security Policy

Enterprise-grade security framework and governance

Information Security Policy

🏆 Security Through Transparency

Our approach to cybersecurity consulting is built on a foundation of transparent practices:

  • 🔍 Open Documentation: Complete ISMS framework available for review
  • 📋 Policy Transparency: Detailed security policies and procedures publicly accessible
  • 🎯 Demonstrable Expertise: Our own security implementation serves as a live demonstration
  • 🔄 Continuous Improvement: Public documentation enables community feedback and enhancement

"Our commitment to transparency extends to our security practices - demonstrating that true security comes from robust processes, continuous improvement, and a culture where security considerations are integrated into every business decision."

— James Pether Sörling, CEO/Founder


🍎 Discordian Cybersecurity Insights

Explore information security, ISMS policies, and cybersecurity best practices through the unique Discordian lens inspired by the Illuminatus! trilogy. "Think for yourself, question authority."

📖 Security Blog: 30+ Posts

Everything You Know About Security Is a Lie — Nation-state capabilities, approved crypto paradox, and Chapel Perilous initiation. Complete ISMS coverage with radical transparency.

Discordian Security Blog

Featured Content:

  • 🎭 Discordian Manifesto - Everything You Know About Security Is a Lie
  • 📚 Complete ISMS Coverage - All 30 posts link directly to ISMS-PUBLIC repository
  • 🍎 Illuminatus! Style - FNORD detection, Chapel Perilous references, 23 FNORD 5 signatures

All hail Eris! All hail Discordia! 🍎


Professional Certifications

CISSP | CISM | AWS Security | AWS Solutions Architect

🔥 Black Trigram (흑괘)

Realistic 2D precision combat simulator inspired by traditional Korean martial arts, focusing on precise anatomical targeting, authentic combat techniques, and detailed physics-based interactions.

Badges: License | Website Status | OpenSSF Scorecard | CII Best Practices | SLSA 3 | Scorecard supply-chain security | Test & Report | Lines of Code | Quality Gate Status | Security Rating | Maintainability Rating | Reliability Rating | FOSSA Status

🔐 CIA Compliance Manager

Security assessment platform for the CIA triad (Confidentiality, Integrity, Availability) with business impact analysis and compliance mapping to regulatory frameworks like NIST, ISO, GDPR, HIPAA, and SOC2.

Badges: FOSSA Status | CII Best Practices | OpenSSF Scorecard | SLSA 3 | Verify & Release | Scorecard Supply-Chain Security

🔍 Citizen Intelligence Agency

Political transparency platform monitoring Swedish political activity with data-driven insights, analytics, dashboard visualizations, and accountability metrics.

Badges: CII Best Practices | OpenSSF Scorecard | SLSA 3 | Verify & Deploy | Scorecard supply-chain security | Quality Gate Status | Security Rating

☁️ Lambda in Private VPC

AWS Lambda
CI/CD

Enterprise-grade multi-region active/active architecture with near-zero recovery time, comprehensive DNS failover, and AWS Resilience Hub policy compliance for mission-critical applications.

Badges: License | OpenSSF Scorecard | Verify and Deploy | Scorecard Supply-Chain Security

🧪 Sonar-CloudFormation-Plugin

SonarQube Plugin
Maven Central

SonarQube plugin for analyzing AWS CloudFormation templates with security best practices based on NIST, CWE, and ISO standards.

Badges: License | CII Best Practices | OpenSSF Scorecard

🔑 Security Services

Professional cybersecurity consulting services delivered remotely or in-person in Gothenburg. Drawing from over three decades of experience in software development and security architecture, we deliver practical security solutions that integrate seamlessly into your development processes without hindering innovation.


📋 Service Overview

🌐 Availability: Remote or in-person (Gothenburg)
💰 Pricing: Contact for pricing
🏢 Company: Hack23 AB (Org.nr 5595347807)
📧 Contact: LinkedIn

🎯 Core Service Areas

🏗️ Security Architecture & Strategy

  • Enterprise Security Architecture: Design and implementation of comprehensive security frameworks
  • Risk Assessment & Management: Systematic identification and mitigation of security risks
  • Security Strategy Development: Alignment of security initiatives with business objectives
  • Governance Framework Design: Policy development and security awareness programs

Ideal for: Organizations needing strategic security leadership and architectural guidance

☁️ Cloud Security & DevSecOps

  • Secure Cloud Solutions: AWS security assessment and architecture (Advanced level)
  • DevSecOps Integration: Security seamlessly integrated into agile development processes
  • Infrastructure as Code Security: Secure CloudFormation, Terraform implementations
  • Container & Serverless Security: Modern application security best practices

Ideal for: Development teams transitioning to cloud-native architectures with security focus

🔧 Secure Development & Code Quality

  • Secure SDLC Implementation: Building security into development lifecycles
  • CI/CD Security Integration: Automated security testing and validation
  • Code Quality & Security Analysis: Static analysis, vulnerability scanning
  • Supply Chain Security: SLSA Level 3 compliance, SBOM implementation

Ideal for: Development teams seeking to embed security without slowing innovation

🏆 Specialized Expertise

📋 Compliance & Regulatory

  • Regulatory Compliance: GDPR, NIS2, ISO 27001 implementation
  • ISMS Design & Implementation: Information Security Management Systems
  • AI Governance: Emerging AI risk management frameworks
  • Audit Preparation: Documentation and evidence preparation

Value: Navigate complex regulatory landscapes with confidence

🌐 Open Source Security

  • Open Source Program Office: OSPO establishment and management
  • Vulnerability Management: Open source risk assessment and remediation
  • Security Tool Development: Custom security solutions and automation
  • Community Engagement: Open source security best practices

Value: Leverage open source securely while contributing to security transparency

🎓 Security Culture & Training

  • Security Awareness Programs: Building organization-wide security culture
  • Developer Security Training: Secure coding practices and methodologies
  • Leadership Security Briefings: Executive-level security understanding
  • Incident Response Training: Preparedness and response capability building

Value: Transform security from barrier to enabler through education and culture

💡 Why Choose Hack23 Security Services?

Three decades of hands-on experience in software development and security architecture means we understand the real challenges development teams face. We don't just point out problems—we provide practical, implementable solutions that enhance security without slowing down innovation.

Our approach: Security should be seamlessly integrated into your existing processes, not bolted on afterward. We help organizations build a culture of security awareness where protection becomes a natural part of how teams work, not an obstacle to overcome.

Passionate about transparency: As advocates for open source security, we believe in sharing knowledge and building community. Our solutions are designed to be understandable, maintainable, and aligned with industry best practices.

Project Architecture & Documentation

Project | Current Architecture | Security Architecture | Future Vision
CIA Compliance Manager | 🏛️ Architecture | 🔒 Security | 🔮 Future
Citizen Intelligence Agency | 🏛️ Architecture | 🔒 Security | 🔮 Future

Project | Process Flows | State Diagrams | Mindmaps
CIA Compliance Manager | 📊 Flowcharts | 🔄 States | 🧠 Mindmaps
Citizen Intelligence Agency | 📊 Flowcharts | 🔄 States | 🧠 Mindmaps

Professional Experience & Skills

mindmap root)👨‍💼 James Pether Sörling( 🔐 Information Security 🛡️ Risk Assessment & Management 🎓 CISSP / CISM Certified 🏛️ Security Architecture Design 🔒 Zero Trust 🛡️ Defense-in-Depth ⚙️ Compliance Frameworks ISO 27001 NIST 800-53 VDA-ISA CIS Controls GDPR 🚨 Security Operations Incident Response Vulnerability Management Security Monitoring ☁️ Cloud Security 🌐 Multi-Cloud: AWS, Azure 🏗️ Enterprise Architecture High Availability Multi-Region Resilience 🛠️ Infrastructure as Code CloudFormation Terraform 🔒 Secure Cloud Services Security Hub GuardDuty KMS WAF 🗂️ Leadership & Governance 👨‍💼 Information Security Officer 🏛️ Security Architect 📝 Policy Development ⚖️ IT Governance 👥 Team Leadership 🌐 Open Source Program Office 🤖 AI Governance 💻 Software Engineering 🛠️ Secure Development (SSDLC) 🌱 Java / Spring / React ⚙️ Automated Testing 🔄 CI/CD Pipelines 📈 Code Quality SLSA Level 3 SonarQube 🌍 Open Source Leadership 👨‍🔬 Project Maintainer 🤝 Community Contributor 🛡️ Security Tooling 👀 Code Review 
mindmap root((👨‍💼 James Pether Sörling)) 🔐 Information & Security Leadership 👨‍💼 CISO / ISO Roles 🛡️ Security Architecture 🧩 CIA Triad Implementation 🛠️ Policy Development & Governance 📊 Risk Management 🔍 Audit & Compliance Oversight 🤖 AI Governance 🌐 Open Source Program Office 🏛️ Frameworks & Compliance 📄 ISO 27001 📄 NIST 800-53 📄 VDA-ISA 📄 CIS Controls 🏷️ Data Protection / GDPR 📋 ISMS Implementation 🧪 Continuous Improvement ☁️ Cloud & Platform Security 🌐 Multi-Cloud (AWS / Azure) 🏗️ Enterprise & Reference Architectures 🌍 Multi-Region Design 🔁 Resilience & Failover ♻️ High Availability Patterns 🔒 Secure Cloud Services Security Hub GuardDuty KMS WAF 🧱 Network & VPC Security 🔑 IAM / Least Privilege 🛠️ Infrastructure as Code 🧾 CloudFormation 🛠️ Terraform 🔄 GitOps / Pipelines 🔍 Template Scanning 📦 Supply Chain (SLSA Level 3) 💻 Software Engineering ☕ Java / Spring ⚛️ React / TypeScript 🐘 PostgreSQL 🔄 CI/CD Automation 🧪 Automated Testing 🧵 Secure SDLC (SSDLC) 📈 Code Quality (SonarQube) 🔬 Security Operations & Assurance 🚨 Incident Response 🕵️ Vulnerability Management 📈 Security Monitoring 🧪 Threat Modeling 📜 Logging & SIEM Use 🌍 Open Source Leadership 📋 CIA Compliance Manager 🏛️ Citizen Intelligence Agency 🧩 Sonar-CloudFormation-Plugin 🔧 cfn-nag Contributions 🤝 Community Engagement 👀 Code Review / Security Tooling 🏆 Certifications & Recognition 🎓 CISSP 🎓 CISM 🥇 AWS Security Specialty 🥇 AWS Solutions Architect Professional 🛡️ SLSA Level 3 Attestations 🚀 Strategic Impact 🔓 Transparency Advocacy 🧭 Security-by-Design Enablement 🧠 Knowledge Sharing / Speaking 📢 Public Policy & Civic Tech 

Technology & Skills

Security & Compliance

Security Architecture | Risk Management | ISO 27001 | NIST 800-53 | GDPR | CIS Controls | Vulnerability Management | Incident Response | SSDLC | AI Governance | Information Security Governance | Security Compliance | IT Audit | Information System Audit

Cloud & Infrastructure

AWS | CloudFormation | Azure | Lambda | Terraform | Docker | Linux | Unix | Security Hub | GuardDuty | Cloud Computing | Solution Architecture

Development & Languages

Java | Spring | TypeScript | JavaScript | React | PostgreSQL | Hibernate | REST APIs | Maven | Software Development | Software Engineering

DevOps & Tools

SonarQube | GitHub Actions | Jenkins | ElasticSearch | Kibana | OWASP ZAP | cfn-nag | SLSA | IT Operations

Leadership & Management

Leadership | Security Management | Information Security Management | Team Management | Policy Development | Open Source Program Office | Organizational Leadership | People Management | Strategic Planning

Additional Skills

Artificial Intelligence | Open Source | Digital Transformation | Cyber Insurance | Six Sigma Black Belt | Business Strategy | Corporate Finance | ESG

Career Highlights

%%{init:{'theme': 'base', 'themeVariables':{'primaryColor': '#d1c4e9', 'primaryTextColor': '#1a1a1a', 'primaryBorderColor': '#9575cd', 'lineColor': '#9575cd', 'secondaryColor': '#bbdefb', 'tertiaryColor': '#c8e6c9' } } }%%
timeline
    title Professional Journey
    section Enterprise Security
        2024 : Application Security Officer, Stena Group IT
             : Risk Assessment, Cloud Security, Microsoft Azure, AI Governance
        2022 - 2024 : Information Security Officer, Polestar
                    : ISMS Implementation, Security Compliance, Risk Management, OSPO Lead
        2018 - 2022 : Senior Security Architect, WirelessCar
                    : Security Architecture, AWS Security, Secure Development Practices
    section Cloud & Security Engineering
        2017 - 2018 : Consultant, Consid AB
                    : Open Source Development, CI/CD, Docker, AWS
        2010 - 2017 : Cloud Architect, Keypasco
                    : Cloud Security Solutions, Multi-Tier Architecture, AWS Infrastructure
    section Software Development
        2008 - 2009 : Consultant, Redpill Linpro
                    : Technical Support, System Administration, Development
        2006 - 2007 : System Developer, Sky
                    : J2EE Projects, Agile Development, Test-Driven Development
        2003 - 2005 : J2EE Developer, Glu Mobile
                    : Mobile Services, Integration
        2000 - 2002 : Software Engineer, Volantis Systems
                    : Multi-Channel Server Product Development


Notable Contributions & Appearances

  • Information Security Officer at Polestar, leading security practices and the Open Source Program Office
  • Senior Security Architect at WirelessCar, supporting secure delivery practices and security risk management
  • Open source contributor for cfn-nag, developing integration with SonarQube for CloudFormation security analysis
  • Speaker at Javaforum Göteborg on secure architecture patterns
  • Guest on Shift Left Like A Boss security podcast
  • Featured in Computer Sweden and Riksdag och Departement for political transparency work
  • Mentioned in National Democratic Institute survey on parliamentary monitoring organizations
  • Operated Equal Rites BBS in the 1990s, part of Fidonet (Node 2:203/454)

🗺️ Site Map Overview

Hack23.com is a static, multi-language HTML/CSS site deployed to AWS S3 + CloudFront.
For the authoritative, always up-to-date sitemap, use the live page:

The sections below mirror the structure of sitemap.html with direct, HTTPS links and icons aligned with the ISMS Style Guide.


🏠 Home & Company

Mission, values, company details, and CIA Triad foundations.


🔑 Security Services

Professional cybersecurity consulting focused on security architecture, cloud security, DevSecOps, and compliance — with evidence-based practices and public ISMS.


🚀 Projects (Open-Source & Reference Implementations)

Open-source and reference projects used as live demonstrations of secure architecture, transparency, and practical security.

🎮 Black Trigram (Security-Aware Game)

Realistic 2D precision combat simulator based on traditional Korean martial arts, used as a security-aware game and educational platform.

🏛️ Citizen Intelligence Agency (CIA)

Open-source parliamentary monitoring and OSINT platform analyzing Swedish politics.

📋 CIA Compliance Manager

Browser-based compliance and CIA-triad assessment tool with no backend, focused on risk, impact, and framework mapping.


🍎 Discordian Cybersecurity Blog & Insights

All blog content is centrally indexed here:

The blog blends ISMS-aligned policies with a Discordian, Illuminatus!-style narrative, making complex security concepts accessible while still professionally mapped to the public ISMS.

🎭 Core Manifesto & Philosophy

Representative themes (see blog.html for the full list and latest updates):

  • 🧠 Everything You Know About Security Is a Lie
  • 🏛️ The Security-Industrial Complex
  • 🔒 Question Authority: Crypto Approved By Spies
  • 🏷️ Think For Yourself: Classification & Data Handling

🏛️ CIA Project Series

Architecture, security, and financial/operational views of the Citizen Intelligence Agency platform:

🎮 Black Trigram Series

Deep dives into the architecture, biomechanics, and future roadmap of Black Trigram:

📋 Compliance Manager Series

Applies the CIA triad, STRIDE, and adaptive defense to real-world compliance tooling:

🧪 Code Analysis: “George Dorn” Series

Evidence-based code reviews based on the actual cloned repositories, not just documentation:

🧠 Thought Leadership & Election Analysis

For the full and current list of posts, see:
👉 https://hack23.com/blog.html


🛡️ ISMS & Security Policies (Public ISMS)

The “Discordian” documents on hack23.com mirror and explain the formal ISMS-PUBLIC repository in a more narrative, accessible style.
Key entry points:

Representative domains (see sitemap.html for the complete tree):

For the canonical policy set and machine-verifiable versions, see the public ISMS repository:
🔓 https://github.com/Hack23/ISMS-PUBLIC


🌐 Languages (Internationalization)

Hack23.com supports multiple languages, following the _sv / _ko conventions and language-specific sitemap pages.

🇬🇧 English (default)

🇸🇪 Swedish

🇰🇷 Korean

🇳🇱 Dutch

🇩🇪 German

🇫🇷 French

🇯🇵 Japanese

🇨🇳 Chinese


🔧 Technical Resources

Technical endpoints and repositories powering the public site:

GitHub Repositories:

Connect With Me

LinkedIn | GitHub | Blog | Tech Talks

Pinned

  1. Hack23/cia (Public)

    Citizen Intelligence Agency. Open-source intelligence platform analyzing Swedish political activities using AI and data visualization. Tracks politicians, government institutions, and parliamentary…

    Java 195 48

  2. Hack23/talks (Public)

    How to secure your development pipeline with static application security test (SAST) / Dynamic application security test (DAST), software composition analysis (SCA) using Sonarqube.

    7

  3. Hack23/cia-compliance-manager (Public)

    The CIA Compliance Manager is an application that helps organizations assess and manage the availability, integrity, and confidentiality of their systems and data based on customizable security lev…

    TypeScript 13 4

  4. Hack23/homepage (Public)

    Webpage for org https://hack23.com

    HTML 4 1