Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings
@pethers
pethers
Follow

James Pether Sรถrling pethers

Organizations

@Hack23

Block or report pethers

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this userโ€™s behavior. Learn more about reporting abuse.

Report abuse
pethers /README.md

CEO/Founder Hack23 | Security & Open Source Expert | Cloud Security Specialist | Information Security Professional

CEO/Founder of Hack23 | committers.top badge

Strong advocate for transparency in organizations, secure software development practices, and innovative open source solutions. Experienced security professional with over 30 years in information technology, specializing in security architecture, cloud security, and compliance. Prior roles including Application Security Officer at Stena,Information Security Officer at Polestar and Senior Security Architect at WirelessCar.

๐Ÿ” Commitment to Transparency and Security

At Hack23 AB, we believe that true security comes through transparency and demonstrable practices. Our Information Security Management System (ISMS) is publicly available, showcasing our commitment to security excellence and organizational transparency.

๐Ÿ“‹ Public ISMS Repository

Complete Information Security Management System documentation

ISMS Public Repository

๐Ÿ”’ Information Security Policy

Enterprise-grade security framework and governance

Information Security Policy

๐Ÿ† Security Through Transparency

Our approach to cybersecurity consulting is built on a foundation of transparent practices:

  • ๐Ÿ” Open Documentation: Complete ISMS framework available for review
  • ๐Ÿ“‹ Policy Transparency: Detailed security policies and procedures publicly accessible
  • ๐ŸŽฏ Demonstrable Expertise: Our own security implementation serves as a live demonstration
  • ๐Ÿ”„ Continuous Improvement: Public documentation enables community feedback and enhancement

"Our commitment to transparency extends to our security practices - demonstrating that true security comes from robust processes, continuous improvement, and a culture where security considerations are integrated into every business decision."

โ€” James Pether Sรถrling, CEO/Founder

๐ŸŒŸ Featured in Press & Media

๐Ÿ—ž๏ธ Computer Sweden

Featured article on innovative use of technology for political transparency

Read Article

๐Ÿ“ฐ Riksdag och Departement

Coverage on Citizen Intelligence Agency's monitoring capabilities

Read Article

๐Ÿ“Š National Democratic Institute

Recognized in survey of parliamentary monitoring organizations

View Report

๐Ÿ“ฐ Expressen

Eric Erfors credits Citizen Intelligence Agency for exposing politician voting attendance records

Read Article

๐ŸŽค Technical Talks & Presentations

๐ŸŽ™๏ธ Javaforum Gรถteborg

Presentation on secure architecture patterns

Watch Presentation

๐ŸŽ™๏ธ Shift Left Like A Boss

Security podcast guest appearance discussing DevSecOps

Listen to Podcast

๐ŸŽ Discordian Cybersecurity Insights

Explore information security, ISMS policies, and cybersecurity best practices through the unique Discordian lens inspired by the Illuminatus! trilogy. "Think for yourself, question authority."

๐Ÿ“– Security Blog: 30+ Posts

Everything You Know About Security Is a Lie โ€” Nation-state capabilities, approved crypto paradox, and Chapel Perilous initiation. Complete ISMS coverage with radical transparency.

Discordian Security Blog

Featured Content:

  • ๐ŸŽญ Discordian Manifesto - Everything You Know About Security Is a Lie
  • ๐Ÿ“š Complete ISMS Coverage - All 30 posts link directly to ISMS-PUBLIC repository
  • ๐ŸŽ Illuminatus! Style - FNORD detection, Chapel Perilous references, 23 FNORD 5 signatures

All hail Eris! All hail Discordia! ๐ŸŽ

Professional Certifications

๐Ÿ”ฅ Black Trigram (ํ‘๊ด˜)

Black Trigram Logo

Realistic 2D precision combat simulator inspired by traditional Korean martial arts, focusing on precise anatomical targeting, authentic combat techniques, and detailed physics-based interactions.

OpenSSF Scorecard CII Best Practices SLSA 3 Scorecard supply-chain security Test & Report Lines of Code Quality Gate Status Security Rating Maintainability Rating Reliability Rating FOSSA Status

๐Ÿ” CIA Compliance Manager

CIA Compliance Manager Logo

Security assessment platform for the CIA triad (Confidentiality, Integrity, Availability) with business impact analysis and compliance mapping to regulatory frameworks like NIST, ISO, GDPR, HIPAA, and SOC2.

FOSSA Status CII Best Practices OpenSSF Scorecard SLSA 3 Verify & Release Scorecard Supply-Chain Security

๐Ÿ” Citizen Intelligence Agency

CIA Logo

Political transparency platform monitoring Swedish political activity with data-driven insights, analytics, dashboard visualizations, and accountability metrics.

CII Best Practices OpenSSF Scorecard SLSA 3 Verify & Deploy Scorecard supply-chain security Quality Gate Status Security Rating

โ˜๏ธ Lambda in Private VPC

AWS Lambda

Enterprise-grade multi-region active/active architecture with near-zero recovery time, comprehensive DNS failover, and AWS Resilience Hub policy compliance for mission-critical applications.

OpenSSF Scorecard Verify and Deploy Scorecard Supply-Chain Security

๐Ÿงช Sonar-CloudFormation-Plugin

SonarQube Plugin

SonarQube plugin for analyzing AWS CloudFormation templates with security best practices based on NIST, CWE, and ISO standards.

License CII Best Practices OpenSSF Scorecard

๐Ÿ”‘ Security Services

Professional cybersecurity consulting services delivered remotely or in-person in Gothenburg. Drawing from over three decades of experience in software development and security architecture, we deliver practical security solutions that integrate seamlessly into your development processes without hindering innovation.

๐Ÿ“‹ Service Overview

๐ŸŒ Availability Remote or in-person (Gothenburg)
๐Ÿ’ฐ Pricing Contact for pricing
๐Ÿข Company Hack23 AB (Org.nr 5595347807)
๐Ÿ“ง Contact LinkedIn

๐ŸŽฏ Core Service Areas

Area Services Ideal for
๐Ÿ—๏ธ Security Architecture & Strategy Enterprise Security Architecture: Design and implementation of comprehensive security frameworks
Risk Assessment & Management: Systematic identification and mitigation of security risks
Security Strategy Development: Alignment of security initiatives with business objectives
Governance Framework Design: Policy development and security awareness programs 		Organizations needing strategic security leadership and architectural guidance
โ˜๏ธ Cloud Security & DevSecOps Secure Cloud Solutions: AWS security assessment and architecture (Advanced level)
DevSecOps Integration: Security seamlessly integrated into agile development processes
Infrastructure as Code Security: Secure CloudFormation, Terraform implementations
Container & Serverless Security: Modern application security best practices 		Development teams transitioning to cloud-native architectures with security focus
๐Ÿ”ง Secure Development & Code Quality Secure SDLC Implementation: Building security into development lifecycles
CI/CD Security Integration: Automated security testing and validation
Code Quality & Security Analysis: Static analysis, vulnerability scanning
Supply Chain Security: SLSA Level 3 compliance, SBOM implementation 		Development teams seeking to embed security without slowing innovation

๐Ÿ† Specialized Expertise

Category Services Value
๐Ÿ“‹ Compliance & Regulatory Regulatory Compliance: GDPR, NIS2, ISO 27001 implementation
ISMS Design & Implementation: Information Security Management Systems
AI Governance: Emerging AI risk management frameworks
Audit Preparation: Documentation and evidence preparation 		Navigate complex regulatory landscapes with confidence
๐ŸŒ Open Source Security Open Source Program Office: OSPO establishment and management
Vulnerability Management: Open source risk assessment and remediation
Security Tool Development: Custom security solutions and automation
Community Engagement: Open source security best practices 		Leverage open source securely while contributing to security transparency
๐ŸŽ“ Security Culture & Training Security Awareness Programs: Building organization-wide security culture
Developer Security Training: Secure coding practices and methodologies
Leadership Security Briefings: Executive-level security understanding
Incident Response Training: Preparedness and response capability building 		Transform security from barrier to enabler through education and culture

๐Ÿ’ก Why Choose Hack23 Security Services?

Three decades of hands-on experience in software development and security architecture means we understand the real challenges development teams face. We don't just point out problemsโ€”we provide practical, implementable solutions that enhance security without slowing down innovation.

Our approach: Security should be seamlessly integrated into your existing processes, not bolted on afterward. We help organizations build a culture of security awareness where protection becomes a natural part of how teams work, not an obstacle to overcome.

Passionate about transparency: As advocates for open source security, we believe in sharing knowledge and building community. Our solutions are designed to be understandable, maintainable, and aligned with industry best practices.

Project Architecture & Documentation

Project Current Architecture Security Architecture Future Vision
CIA Compliance Manager ๐Ÿ›๏ธ Architecture ๐Ÿ”’ Security ๐Ÿ”ฎ Future
Citizen Intelligence Agency ๐Ÿ›๏ธ Architecture ๐Ÿ”’ Security ๐Ÿ”ฎ Future
Project Process Flows State Diagrams Mindmaps
CIA Compliance Manager ๐Ÿ“Š Flowcharts ๐Ÿ”„ States ๐Ÿง  Mindmaps
Citizen Intelligence Agency ๐Ÿ“Š Flowcharts ๐Ÿ”„ States ๐Ÿง  Mindmaps

Professional Experience & Skills

mindmap
 root)๐Ÿ‘จโ€๐Ÿ’ผ James Pether Sรถrling(
 ๐Ÿ” Information Security
 ๐Ÿ›ก๏ธ Risk Assessment & Management
 ๐ŸŽ“ CISSP / CISM Certified
 ๐Ÿ›๏ธ Security Architecture Design
 ๐Ÿ”’ Zero Trust
 ๐Ÿ›ก๏ธ Defense-in-Depth
 โš™๏ธ Compliance Frameworks
 ISO 27001
 NIST 800-53
 VDA-ISA
 CIS Controls
 GDPR
 ๐Ÿšจ Security Operations
 Incident Response
 Vulnerability Management
 Security Monitoring
 โ˜๏ธ Cloud Security
 ๐ŸŒ Multi-Cloud: AWS, Azure
 ๐Ÿ—๏ธ Enterprise Architecture
 High Availability
 Multi-Region
 Resilience
 ๐Ÿ› ๏ธ Infrastructure as Code
 CloudFormation
 Terraform
 ๐Ÿ”’ Secure Cloud Services
 Security Hub
 GuardDuty
 KMS
 WAF
 ๐Ÿ—‚๏ธ Leadership & Governance
 ๐Ÿ‘จโ€๐Ÿ’ผ Information Security Officer
 ๐Ÿ›๏ธ Security Architect
 ๐Ÿ“ Policy Development
 โš–๏ธ IT Governance
 ๐Ÿ‘ฅ Team Leadership
 ๐ŸŒ Open Source Program Office
 ๐Ÿค– AI Governance
 ๐Ÿ’ป Software Engineering
 ๐Ÿ› ๏ธ Secure Development (SSDLC)
 ๐ŸŒฑ Java / Spring / React
 โš™๏ธ Automated Testing
 ๐Ÿ”„ CI/CD Pipelines
 ๐Ÿ“ˆ Code Quality
 SLSA Level 3
 SonarQube
 ๐ŸŒ Open Source Leadership
 ๐Ÿ‘จโ€๐Ÿ”ฌ Project Maintainer
 ๐Ÿค Community Contributor
 ๐Ÿ›ก๏ธ Security Tooling
 ๐Ÿ‘€ Code Review
Loading 
mindmap
 root((๐Ÿ‘จโ€๐Ÿ’ผ James Pether Sรถrling))
 ๐Ÿ” Information & Security Leadership
 ๐Ÿ‘จโ€๐Ÿ’ผ CISO / ISO Roles
 ๐Ÿ›ก๏ธ Security Architecture
 ๐Ÿงฉ CIA Triad Implementation
 ๐Ÿ› ๏ธ Policy Development & Governance
 ๐Ÿ“Š Risk Management
 ๐Ÿ” Audit & Compliance Oversight
 ๐Ÿค– AI Governance
 ๐ŸŒ Open Source Program Office
 ๐Ÿ›๏ธ Frameworks & Compliance
 ๐Ÿ“„ ISO 27001
 ๐Ÿ“„ NIST 800-53
 ๐Ÿ“„ VDA-ISA
 ๐Ÿ“„ CIS Controls
 ๐Ÿท๏ธ Data Protection / GDPR
 ๐Ÿ“‹ ISMS Implementation
 ๐Ÿงช Continuous Improvement
 โ˜๏ธ Cloud & Platform Security
 ๐ŸŒ Multi-Cloud (AWS / Azure)
 ๐Ÿ—๏ธ Enterprise & Reference Architectures
 ๐ŸŒ Multi-Region Design
 ๐Ÿ” Resilience & Failover
 โ™ป๏ธ High Availability Patterns
 ๐Ÿ”’ Secure Cloud Services
 Security Hub
 GuardDuty
 KMS
 WAF
 ๐Ÿงฑ Network & VPC Security
 ๐Ÿ”‘ IAM / Least Privilege
 ๐Ÿ› ๏ธ Infrastructure as Code
 ๐Ÿงพ CloudFormation
 ๐Ÿ› ๏ธ Terraform
 ๐Ÿ”„ GitOps / Pipelines
 ๐Ÿ” Template Scanning
 ๐Ÿ“ฆ Supply Chain (SLSA Level 3)
 ๐Ÿ’ป Software Engineering
 โ˜• Java / Spring
 โš›๏ธ React / TypeScript
 ๐Ÿ˜ PostgreSQL
 ๐Ÿ”„ CI/CD Automation
 ๐Ÿงช Automated Testing
 ๐Ÿงต Secure SDLC (SSDLC)
 ๐Ÿ“ˆ Code Quality (SonarQube)
 ๐Ÿ”ฌ Security Operations & Assurance
 ๐Ÿšจ Incident Response
 ๐Ÿ•ต๏ธ Vulnerability Management
 ๐Ÿ“ˆ Security Monitoring
 ๐Ÿงช Threat Modeling
 ๐Ÿ“œ Logging & SIEM Use
 ๐ŸŒ Open Source Leadership
 ๐Ÿ“‹ CIA Compliance Manager
 ๐Ÿ›๏ธ Citizen Intelligence Agency
 ๐Ÿงฉ Sonar-CloudFormation-Plugin
 ๐Ÿ”ง cfn-nag Contributions
 ๐Ÿค Community Engagement
 ๐Ÿ‘€ Code Review / Security Tooling
 ๐Ÿ† Certifications & Recognition
 ๐ŸŽ“ CISSP
 ๐ŸŽ“ CISM
 ๐Ÿฅ‡ AWS Security Specialty
 ๐Ÿฅ‡ AWS Solutions Architect Professional
 ๐Ÿ›ก๏ธ SLSA Level 3 Attestations
 ๐Ÿš€ Strategic Impact
 ๐Ÿ”“ Transparency Advocacy
 ๐Ÿงญ Security-by-Design Enablement
 ๐Ÿง  Knowledge Sharing / Speaking
 ๐Ÿ“ข Public Policy & Civic Tech
Loading

Technology & Skills

Security & Compliance

Security Architecture Risk Management ISO 27001 NIST 800-53 GDPR CIS Controls Vulnerability Management Incident Response SSDLC AI Governance Information Security Governance Security Compliance IT Audit Information System Audit

Cloud & Infrastructure

AWS CloudFormation Azure Lambda Terraform Docker Linux Unix Security Hub GuardDuty Cloud Computing Solution Architecture

Development & Languages

Java Spring TypeScript JavaScript React PostgreSQL Hibernate REST APIs Maven Software Development Software Engineering

DevOps & Tools

SonarQube GitHub Actions Jenkins ElasticSearch Kibana OWASP ZAP cfn-nag SLSA IT Operations

Leadership & Management

Leadership Security Management Information Security Management Team Management Policy Development Open Source Program Office Organizational Leadership People Management Strategic Planning

Additional Skills

Artificial Intelligence Open Source Digital Transformation Cyber Insurance Six Sigma Black Belt Business Strategy Corporate Finance ESG

Career Highlights

%%{
 init: {
 'theme': 'base',
 'themeVariables': {
 'primaryColor': '#d1c4e9',
 'primaryTextColor': '#1a1a1a',
 'primaryBorderColor': '#9575cd',
 'lineColor': '#9575cd',
 'secondaryColor': '#bbdefb',
 'tertiaryColor': '#c8e6c9'
 }
 }
}%%
timeline
 title Professional Journey
 section Enterprise Security
 2024 : Application Security Officer, Stena Group IT
 : Risk Assessment, Cloud Security, Microsoft Azure, AI Governance
 2022 - 2024 : Information Security Officer, Polestar
 : ISMS Implementation, Security Compliance, Risk Management, OSPO Lead
 2018 - 2022 : Senior Security Architect, WirelessCar
 : Security Architecture, AWS Security, Secure Development Practices
 section Cloud & Security Engineering
 2017 - 2018 : Consultant, Consid AB
 : Open Source Development, CI/CD, Docker, AWS
 2010 - 2017 : Cloud Architect, Keypasco
 : Cloud Security Solutions, Multi-Tier Architecture, AWS Infrastructure
 section Software Development
 2008 - 2009 : Consultant, Redpill Linpro
 : Technical Support, System Administration, Development
 2006 - 2007 : System Developer, Sky
 : J2EE Projects, Agile Development, Test-Driven Development
 2003 - 2005 : J2EE Developer, Glu Mobile
 : Mobile Services, Integration
 2000 - 2002 : Software Engineer, Volantis Systems
 : Multi-Channel Server Product Development
Loading

Badges

Black Trigram Badges

GitHub Release License OpenSSF Scorecard CII Best Practices SLSA 3 Scorecard supply-chain security Test & Report Lines of Code Quality Gate Status Security Rating Maintainability Rating Reliability Rating FOSSA Status

CIA Compliance Manager Badges

GitHub Release License FOSSA Status CII Best Practices OpenSSF Scorecard SLSA 3 Verify & Release Scorecard Supply-Chain Security

Citizen Intelligence Agency Badges

GitHub Release CII Best Practices OpenSSF Scorecard SLSA 3 Verify & Deploy Scorecard supply-chain security Quality Gate Status Security Rating License

Sonar-CloudFormation-Plugin Badges

License CII Best Practices OpenSSF Scorecard Maven Central

Lambda in Private VPC Badges

License OpenSSF Scorecard Verify and Deploy Scorecard Supply-Chain Security

Notable Contributions & Appearances

  • Information Security Officer at Polestar, leading security practices and the Open Source Program Office
  • Senior Security Architect at WirelessCar, supporting secure delivery practices and security risk management
  • Open source contributor for cfn-nag, developing integration with SonarQube for CloudFormation security analysis
  • Speaker at Javaforum Gรถteborg on secure architecture patterns
  • Guest on Shift Left Like A Boss security podcast
  • Featured in Computer Sweden and Riksdag och Departement for political transparency work
  • Mentioned in National Democratic Institute survey on parliamentary monitoring organizations
  • Operated Equal Rites BBS in the 1990s, part of Fidonet (Node 2:203/454)
  • committers.top badge

๐Ÿ—บ๏ธ Site Map Overview

Hack23.com is a static, multi-language HTML/CSS site deployed to AWS S3 + CloudFront.
For the authoritative, always up-to-date sitemap, use the live page:

The sections below mirror the structure of sitemap.html with direct, HTTPS links and icons aligned with the ISMS Style Guide.

๐Ÿ  Home & Company

Mission, values, company details, and CIA Triad foundations.

๐Ÿ”‘ Security Services

Professional cybersecurity consulting focused on security architecture, cloud security, DevSecOps, and compliance โ€” with evidence-based practices and public ISMS.

๐Ÿš€ Projects (Open-Source & Reference Implementations)

Open-source and reference projects used as live demonstrations of secure architecture, transparency, and practical security.

๐ŸŽฎ Black Trigram (Security-Aware Game)

Realistic 2D precision combat simulator based on traditional Korean martial arts, used as a security-aware game and educational platform.

๐Ÿ›๏ธ Citizen Intelligence Agency (CIA)

Open-source parliamentary monitoring and OSINT platform analyzing Swedish politics.

๐Ÿ“‹ CIA Compliance Manager

Browser-based compliance and CIA-triad assessment tool with no backend, focused on risk, impact, and framework mapping.

๐ŸŽ Discordian Cybersecurity Blog & Insights

All blog content is centrally indexed here:

The blog blends ISMS-aligned policies with a Discordian, Illuminatus!-style narrative, making complex security concepts accessible while still professionally mapped to the public ISMS.

๐ŸŽญ Core Manifesto & Philosophy

Representative themes (see blog.html for the full list and latest updates):

  • ๐Ÿง  Everything You Know About Security Is a Lie
  • ๐Ÿ›๏ธ The Security-Industrial Complex
  • ๐Ÿ”’ Question Authority: Crypto Approved By Spies
  • ๐Ÿท๏ธ Think For Yourself: Classification & Data Handling

๐Ÿ›๏ธ CIA Project Series

Architecture, security, and financial/operational views of the Citizen Intelligence Agency platform:

๐ŸŽฎ Black Trigram Series

Deep dives into the architecture, biomechanics, and future roadmap of Black Trigram:

๐Ÿ“‹ Compliance Manager Series

Applies the CIA triad, STRIDE, and adaptive defense to real-world compliance tooling:

๐Ÿงช Code Analysis: "George Dorn" Series

Evidence-based code reviews based on the actual cloned repositories, not just documentation:

๐Ÿง  Thought Leadership & Election Analysis

For the full and current list of posts, see:
๐Ÿ‘‰ https://hack23.com/blog.html

๐Ÿ›ก๏ธ ISMS & Security Policies (Public ISMS)

The "Discordian" documents on hack23.com mirror and explain the formal ISMS-PUBLIC repository in a more narrative, accessible style.
Key entry points:

Representative domains (see sitemap.html for the complete tree):

For the canonical policy set and machine-verifiable versions, see the public ISMS repository:
๐Ÿ”“ https://github.com/Hack23/ISMS-PUBLIC

๐ŸŒ Languages (Internationalization)

Hack23.com supports multiple languages, following the _sv / _ko conventions and language-specific sitemap pages.

๐Ÿ‡ฌ๐Ÿ‡ง English (default)

๐Ÿ‡ธ๐Ÿ‡ช Swedish

๐Ÿ‡ฐ๐Ÿ‡ท Korean

๐Ÿ‡ณ๐Ÿ‡ฑ Dutch

๐Ÿ‡ฉ๐Ÿ‡ช German

๐Ÿ‡ซ๐Ÿ‡ท French

๐Ÿ‡ฏ๐Ÿ‡ต Japanese

๐Ÿ‡จ๐Ÿ‡ณ Chinese

๐Ÿ”ง Technical Resources

Technical endpoints and repositories powering the public site:

GitHub Repositories:

Connect With Me

Pinned Loading

  1. Hack23/cia Hack23/cia Public

    Citizen Intelligence Agency. Open-source intelligence platform analyzing Swedish political activities using AI and data visualization. Tracks politicians, government institutions, and parliamentary...

    Java 202 49

  2. Hack23/talks Hack23/talks Public

    How to secure your development pipeline with static application security test (SAST) / Dynamic application security test (DAST), software composition analysis (SCA) using Sonarqube.

    7

  3. Hack23/cia-compliance-manager Hack23/cia-compliance-manager Public

    The CIA Compliance Manager is an application that helps organizations assess and manage the availability, integrity, and confidentiality of their systems and data based on customizable security lev...

    TypeScript 14 5

  4. Hack23/homepage Hack23/homepage Public

    Webpage for org https://hack23.com

    HTML 4 1

AltStyle ใซใ‚ˆใฃใฆๅค‰ๆ›ใ•ใ‚ŒใŸใƒšใƒผใ‚ธ (->ใ‚ชใƒชใ‚ธใƒŠใƒซ) /