Welcome to the Hack23 homepage repository. This is the source code for Hack23, a Swedish innovation hub founded in 2025 by James Pether Sörling, focusing on precision gaming experiences, security, compliance, and transparency tools.
At Hack23 AB, we believe that true security comes through transparency and demonstrable practices. Our Information Security Management System (ISMS) is publicly available, showcasing our commitment to security excellence and organizational transparency.
Our approach to cybersecurity consulting is built on a foundation of transparent practices:
- 🔍 Open Documentation: Complete ISMS framework available for review
- 📋 Policy Transparency: Detailed security policies and procedures publicly accessible
- 🎯 Demonstrable Expertise: Our own security implementation serves as a live demonstration
- 🔄 Continuous Improvement: Public documentation enables community feedback and enhancement
"Our commitment to transparency extends to our security practices - demonstrating that true security comes from robust processes, continuous improvement, and a culture where security considerations are integrated into every business decision."
— James Pether Sörling, CEO/Founder
Explore information security, ISMS policies, and cybersecurity best practices through the unique Discordian lens inspired by the Illuminatus! trilogy. "Think for yourself, question authority."
Featured Content:
- 🎭 Discordian Manifesto - Everything You Know About Security Is a Lie
- 📚 Complete ISMS Coverage - All 30 posts link directly to ISMS-PUBLIC repository
- 🍎 Illuminatus! Style - FNORD detection, Chapel Perilous references, 23 FNORD 5 signatures
All hail Eris! All hail Discordia! 🍎
Hack23.com is a static, multi-language HTML/CSS site deployed to AWS S3 + CloudFront.
For the authoritative, always up-to-date sitemap, use the live page:
- 🔗 Live Sitemap: https://hack23.com/sitemap.html
The sections below mirror the structure of sitemap.html with direct, HTTPS links and icons aligned with the ISMS Style Guide.
Mission, values, company details, and CIA Triad foundations.
- 🏠 Homepage: https://hack23.com/index.html
- 🧭 Why Hack23?: https://hack23.com/why-hack23.html
- 🔐 CIA Triad FAQ (Confidentiality, Integrity, Availability):
https://hack23.com/cia-triad-faq.html
Professional cybersecurity consulting focused on security architecture, cloud security, DevSecOps, and compliance — with evidence-based practices and public ISMS.
- 🔑 All Services (overview): https://hack23.com/services.html
- 🏗️ Security Architecture & Strategy:
https://hack23.com/services.html#security-architecture
- ☁️ Cloud Security & DevSecOps:
https://hack23.com/services.html#cloud-security
- 📋 Compliance & Regulatory:
https://hack23.com/services.html#compliance
- 🧾 Security Assessment Checklist:
https://hack23.com/security-assessment-checklist.html
Open-source and reference projects used as live demonstrations of secure architecture, transparency, and practical security.
Realistic 2D precision combat simulator based on traditional Korean martial arts, used as a security-aware game and educational platform.
- 🎮 Overview: https://hack23.com/black-trigram.html
- ⭐ Features: https://hack23.com/black-trigram-features.html
- 📚 Documentation: https://hack23.com/black-trigram-docs.html
Open-source parliamentary monitoring and OSINT platform analyzing Swedish politics.
- 🏛️ Overview: https://hack23.com/cia-project.html
- ⭐ Features: https://hack23.com/cia-features.html
- 📚 Documentation: https://hack23.com/cia-docs.html
Browser-based compliance and CIA-triad assessment tool with no backend, focused on risk, impact, and framework mapping.
- 📋 Overview: https://hack23.com/compliance-manager.html
- ⭐ Features: https://hack23.com/cia-compliance-manager-features.html
- 📚 Documentation: https://hack23.com/cia-compliance-manager-docs.html
All blog content is centrally indexed here:
- 📚 All Blog Posts: https://hack23.com/blog.html
The blog blends ISMS-aligned policies with a Discordian, Illuminatus!-style narrative, making complex security concepts accessible while still professionally mapped to the public ISMS.
- 🎭 Discordian Cybersecurity Manifesto:
https://hack23.com/discordian-cybersecurity.html
Representative themes (see blog.html for the full list and latest updates):
- 🧠 Everything You Know About Security Is a Lie
- 🏛️ The Security-Industrial Complex
- 🔒 Question Authority: Crypto Approved By Spies
- 🏷️ Think For Yourself: Classification & Data Handling
Architecture, security, and financial/operational views of the Citizen Intelligence Agency platform:
- 🏗️ CIA Architecture: https://hack23.com/blog-cia-architecture.html
- 🛡️ CIA Security (Defense Through Transparency):
https://hack23.com/blog-cia-security.html
- 🔄 CIA Workflows (CI/CD & State Machines):
https://hack23.com/blog-cia-workflows.html
- 🧠 CIA Mindmaps (Conceptual Sacred Geometry):
https://hack23.com/blog-cia-mindmaps.html
- 🔍 CIA OSINT Intelligence:
https://hack23.com/blog-cia-osint-intelligence.html
- 🔮 CIA Future Security (Post-quantum & AI):
https://hack23.com/blog-cia-future-security.html
- 💰 CIA Financial Strategy – “$24.70/Day Democracy”:
https://hack23.com/blog-cia-financial-strategy.html
- 🌍 CIA Business Case – Global News:
https://hack23.com/blog-cia-business-case-global-news.html
- 📰 CIA Swedish Media Election 2026:
https://hack23.com/blog-cia-swedish-media-election-2026.html
- 📢 CIA Alternative Media Discordian 2026:
https://hack23.com/blog-cia-alternative-media-discordian-2026.html
Deep dives into the architecture, biomechanics, and future roadmap of Black Trigram:
- 🏗️ Architecture: https://hack23.com/blog-trigram-architecture.html
- 🥋 Combat & Vital Points:
https://hack23.com/blog-trigram-combat.html
- 🔮 Future (VR & Immersive Training):
https://hack23.com/blog-trigram-future.html
Applies the CIA triad, STRIDE, and adaptive defense to real-world compliance tooling:
- 🏗️ Compliance Architecture:
https://hack23.com/blog-compliance-architecture.html
- 🛡️ Compliance Security (STRIDE Through Five Dimensions):
https://hack23.com/blog-compliance-security.html
- 🔮 Compliance Future (Context-Aware Defense):
https://hack23.com/blog-compliance-future.html
Evidence-based code reviews based on the actual cloned repositories, not just documentation:
- 📊 CIA Code Analysis:
https://hack23.com/blog-george-dorn-cia-code.html
- 📊 Compliance Manager Code Analysis:
https://hack23.com/blog-george-dorn-compliance-code.html
- 📊 Black Trigram Code Analysis:
https://hack23.com/blog-george-dorn-trigram-code.html
- 🧬 Automated Convergence (Security, Cloud, DevSecOps):
https://hack23.com/blog-automated-convergence.html
- 🧠 Information Hoarding Destroys Data Integrity:
https://hack23.com/blog-information-hoarding.html
- 🛡️ Public ISMS Benefits:
https://hack23.com/blog-public-isms-benefits.html
- 🗳️ Swedish Election 2026 – Data-Driven Analysis:
https://hack23.com/swedish-election-2026.html
For the full and current list of posts, see:
👉 https://hack23.com/blog.html
The “Discordian” documents on hack23.com mirror and explain the formal ISMS-PUBLIC repository in a more narrative, accessible style.
Key entry points:
- 🔐 Information Security Policy:
https://hack23.com/discordian-info-sec-policy.html
- 🌐 ISMS Transparency (What is Public vs. Redacted):
https://hack23.com/discordian-isms-transparency.html
- 🔄 ISMS Review & Continuous Improvement:
https://hack23.com/discordian-isms-review.html
- 📋 Compliance Overview:
https://hack23.com/discordian-compliance.html
- 🧭 Compliance Frameworks (ISO 27001, NIST, CIS, etc.):
https://hack23.com/discordian-compliance-frameworks.html
Representative domains (see sitemap.html for the complete tree):
- 📉 Risk Management:
https://hack23.com/discordian-risk-assessment.html
https://hack23.com/discordian-risk-register.html
https://hack23.com/discordian-threat-modeling.html
- 🔑 Access & Identity:
https://hack23.com/discordian-access-control.html
https://hack23.com/discordian-remote-access.html
https://hack23.com/discordian-acceptable-use.html
- 🏷️ Data Protection & Classification:
https://hack23.com/discordian-data-protection.html
https://hack23.com/discordian-data-classification.html
https://hack23.com/discordian-classification.html
https://hack23.com/discordian-privacy.html
https://hack23.com/discordian-crypto.html
- 🌐 Technical Security:
https://hack23.com/discordian-network-security.html
https://hack23.com/discordian-cloud-security.html
https://hack23.com/discordian-email-security.html
https://hack23.com/discordian-mobile-device.html
https://hack23.com/discordian-vuln-mgmt.html
- 🛠️ Development & AI:
https://hack23.com/discordian-secure-dev.html
https://hack23.com/discordian-ai-policy.html
https://hack23.com/discordian-llm-security.html
https://hack23.com/discordian-open-source.html
- ⚙️ Operations:
https://hack23.com/discordian-change-mgmt.html
https://hack23.com/discordian-asset-mgmt.html
https://hack23.com/discordian-monitoring-logging.html
https://hack23.com/discordian-backup-recovery.html
- 🔄 Business Continuity & Incident Response:
https://hack23.com/discordian-business-continuity.html
https://hack23.com/discordian-disaster-recovery.html
https://hack23.com/discordian-incident-response.html
- 🏛️ Governance & Stakeholders:
https://hack23.com/discordian-security-strategy.html
https://hack23.com/discordian-security-metrics.html
https://hack23.com/discordian-security-training.html
https://hack23.com/discordian-stakeholders.html
https://hack23.com/discordian-business-value.html
- 🤝 Third Party & Supply Chain:
https://hack23.com/discordian-third-party.html
https://hack23.com/discordian-supplier-reality.html
- 🏢 Physical & Facilities:
https://hack23.com/discordian-physical-security.html
- ⚖️ Regulatory (e.g., EU Cyber Resilience Act):
https://hack23.com/discordian-cra.html
https://hack23.com/discordian-cra-conformity.html
For the canonical policy set and machine-verifiable versions, see the public ISMS repository:
🔓 https://github.com/Hack23/ISMS-PUBLIC
Hack23.com supports multiple languages, following the _sv / _ko conventions and language-specific sitemap pages.
- 🗺️ Sitemap (EN): https://hack23.com/sitemap.html
- 🏠 Homepage (SV): https://hack23.com/index_sv.html
- 🗺️ Sitemap (SV): https://hack23.com/sitemap_sv.html
- 🔑 Services (SV): https://hack23.com/services_sv.html
- 🧭 Why Hack23 (SV): https://hack23.com/why-hack23_sv.html
- 🔐 CIA Triad FAQ (SV): https://hack23.com/cia-triad-faq_sv.html
- 🏛️ CIA Features / Docs (SV):
https://hack23.com/cia-features_sv.html
https://hack23.com/cia-docs_sv.html
- 📋 CIA Compliance Manager Features / Docs (SV):
https://hack23.com/cia-compliance-manager-features_sv.html
https://hack23.com/cia-compliance-manager-docs_sv.html
- 📚 Selected Blog Translations (SV):
https://hack23.com/blog-public-isms-benefits_sv.html
https://hack23.com/blog-cia-swedish-media-election-2026_sv.html
https://hack23.com/swedish-election-2026_sv.html
- 🏠 Homepage (KO): https://hack23.com/index_ko.html
- 🗺️ Sitemap (KO): https://hack23.com/sitemap_ko.html
- 🔑 Services (KO): https://hack23.com/services_ko.html
- 🎮 Black Trigram Features / Docs (KO):
https://hack23.com/black-trigram-features_ko.html
https://hack23.com/black-trigram-docs_ko.html
- 🗺️ Sitemap (NL): https://hack23.com/sitemap_nl.html
- 🗺️ Sitemap (DE): https://hack23.com/sitemap_de.html
- 🗺️ Sitemap (FR): https://hack23.com/sitemap_fr.html
- 🗺️ Sitemap (JA): https://hack23.com/sitemap_ja.html
- 🗺️ Sitemap (ZH): https://hack23.com/sitemap_zh.html
Technical endpoints and repositories powering the public site:
- 🗺️ XML Sitemap (for crawlers): https://hack23.com/sitemap.xml
- 🤖 robots.txt: https://hack23.com/robots.txt
GitHub Repositories:
- 🔓 Public ISMS: https://github.com/Hack23/ISMS-PUBLIC
- 🖥️ Homepage Source: https://github.com/Hack23/homepage
This repository implements comprehensive automated quality checks to ensure code quality and prevent regressions:
- HTML Validation: All 74 HTML files are automatically validated using HTMLHint on every push and pull request
- Link Checking: Internal and external links are checked using Linkinator to prevent broken links
- Security Scanning: ZAP (Zed Attack Proxy) performs security vulnerability scanning on the deployed site
- Performance Audits: Lighthouse audits monitor performance, accessibility, and SEO metrics
- Supply Chain Security: OpenSSF Scorecard and Dependabot monitor dependencies and security best practices
```bash
# Install tools
npm install -g htmlhint linkinator
# Validate HTML files
htmlhint *.html
# Check internal links (requires local server)
python3 -m http.server 8080 &
linkinator http://localhost:8080/ --recurse --skip "^(?!http://localhost:8080)"
# Check external links (sample)
linkinator https://hack23.com/ --timeout 30000
```
Quality check reports are available as artifacts in the Quality Checks workflow:
- htmlhint-report: HTML validation results for all 74 files
- link-checker-reports: Internal and external link checking results
- Hack23
- 🔑 Security Services
- About James Pether Sörling
- Press Coverage
- 📚 CIA Triad FAQ
- 🍎 Discordian Cybersecurity Blog
- Current Projects
- Past Projects
- Badges
- 🏷️ Project Classifications According to Hack23 Framework
  1. 📊 Homepage Project Classification
  2. 🥋 Black Trigram Project Classification
  3. 🛡️ CIA Compliance Manager Project Classification
  4. 🏛️ Citizen Intelligence Agency Project Classification
  5. ☁️ Lambda in Private VPC Project Classification
Hack23 AB is a Swedish registered company (Org.nr 5595347807) founded in 2025 as an innovation hub specializing in creating immersive and precise game experiences alongside expert cybersecurity consulting. Drawing from over three decades of experience in software development and security architecture, we deliver practical security solutions that integrate seamlessly into development processes without hindering innovation. Our flagship project, Black Trigram, represents the pinnacle of realistic martial arts gaming combined with educational value.
Professional cybersecurity consulting services delivered remotely or in-person in Gothenburg. Drawing from over three decades of experience in software development and security architecture, we deliver practical security solutions that integrate seamlessly into your development processes without hindering innovation.
| 🌐 Availability | Remote or in-person (Gothenburg) |
| 💰 Pricing | Contact for pricing |
| 🏢 Company | Hack23 AB (Org.nr 5595347807) |
| 📧 Contact |
| Area | Services | Ideal for |
|---|---|---|
| 🏗️ Security Architecture & Strategy | Enterprise Security Architecture: Design and implementation of comprehensive security frameworks; Risk Assessment & Management: Systematic identification and mitigation of security risks; Security Strategy Development: Alignment of security initiatives with business objectives; Governance Framework Design: Policy development and security awareness programs | Organizations needing strategic security leadership and architectural guidance |
| ☁️ Cloud Security & DevSecOps | Secure Cloud Solutions: AWS security assessment and architecture (Advanced level); DevSecOps Integration: Security seamlessly integrated into agile development processes; Infrastructure as Code Security: Secure CloudFormation, Terraform implementations; Container & Serverless Security: Modern application security best practices | Development teams transitioning to cloud-native architectures with security focus |
| 🔧 Secure Development & Code Quality | Secure SDLC Implementation: Building security into development lifecycles; CI/CD Security Integration: Automated security testing and validation; Code Quality & Security Analysis: Static analysis, vulnerability scanning; Supply Chain Security: SLSA Level 3 compliance, SBOM implementation | Development teams seeking to embed security without slowing innovation |
| Category | Services | Value |
|---|---|---|
| 📋 Compliance & Regulatory | Regulatory Compliance: GDPR, NIS2, ISO 27001 implementation; ISMS Design & Implementation: Information Security Management Systems; AI Governance: Emerging AI risk management frameworks; Audit Preparation: Documentation and evidence preparation | Navigate complex regulatory landscapes with confidence |
| 🌐 Open Source Security | Open Source Program Office: OSPO establishment and management; Vulnerability Management: Open source risk assessment and remediation; Security Tool Development: Custom security solutions and automation; Community Engagement: Open source security best practices | Leverage open source securely while contributing to security transparency |
| 🎓 Security Culture & Training | Security Awareness Programs: Building organization-wide security culture; Developer Security Training: Secure coding practices and methodologies; Leadership Security Briefings: Executive-level security understanding; Incident Response Training: Preparedness and response capability building | Transform security from barrier to enabler through education and culture |
Three decades of hands-on experience in software development and security architecture means we understand the real challenges development teams face. We don't just point out problems—we provide practical, implementable solutions that enhance security without slowing down innovation.
Our approach: Security should be seamlessly integrated into your existing processes, not bolted on afterward. We help organizations build a culture of security awareness where protection becomes a natural part of how teams work, not an obstacle to overcome.
Passionate about transparency: As advocates for open source security, we believe in sharing knowledge and building community. Our solutions are designed to be understandable, maintainable, and aligned with industry best practices.
CEO/Founder of Hack23 AB (founded 2025), James is an experienced security professional with over 30 years in information technology, specializing in security architecture, cloud security, and compliance. Strong advocate for transparency in organizations, secure software development practices, and innovative open source solutions.
Professional Background:
- Current Role: CEO/Founder Hack23 AB (Jun 2025-Present), Application Security Officer at Stena Group IT (Oct 2024-Present)
- Previous Roles: Information Security Officer at Polestar (Mar 2022-Sep 2024), Senior Security Architect at WirelessCar (Jan 2018-Mar 2022)
- Certifications: CISSP, CISM, AWS Security Specialty, AWS Solutions Architect Professional
- Expertise: Security Architecture, Cloud Security, DevSecOps Integration, Open Source Security, Compliance Management
Company Information:
- Company: Hack23 AB
- Registration Number: 5595347807
- Country: Sweden
- Founded: 2025
- Industry: Cybersecurity Consulting & Gaming Innovation
- Copyright: James Pether Sörling 2008-2025
Career Highlights:
- Founded Hack23 AB in 2025 as Swedish Innovation Hub for cybersecurity and gaming
- Led Open Source Program Office at Polestar (2022-2024)
- Senior Security Architect at WirelessCar supporting secure delivery practices (2018-2022)
- Consultant roles at Omegapoint (2018) and Consid AB (2017-2018) focusing on open source development
- Cloud Architect at Keypasco developing cloud security solutions (2010-2017)
- Early career includes positions at Sky, Glu Mobile, Volantis Systems (London), and system administration roles
- Military service as NBC-Defence Group Leader in Swedish Armed Forces (1996-1997)
- Speaker at Javaforum Göteborg on secure architecture patterns
- Guest on "Shift Left Like A Boss" security podcast
- Featured in Computer Sweden and National Democratic Institute reports
Martial Arts Background:
- 1999: Black Belt Song Moo Kwan Korea - Traditional Taekwondo certification
- 2024: 3rd Dan Kukkiwon - World Taekwondo Headquarters certification
- Teaching Experience: Taekwondo instructor at multiple clubs (1994-2017) including Tor Taekwondo klub, Haga Taekwondo club, and Hworangi Taekwondo
- Cultural Integration: Deep understanding of Korean martial arts traditions directly influences the authentic techniques and educational value in Black Trigram
Core Expertise Areas:
- Security Architecture & Strategy: Enterprise security frameworks, risk assessment, policy development, AI governance
- Cloud Security & DevSecOps: AWS Advanced, multi-cloud strategies, Infrastructure as Code security, CI/CD integration
- Secure Development: SSDLC implementation, code quality analysis, supply chain security, SLSA Level 3 compliance
- Compliance & Governance: ISMS design, regulatory compliance (GDPR, NIS2, ISO 27001), audit preparation
- Open Source Security: OSPO leadership, vulnerability management, security tool development, community engagement
- Security Culture & Training: Organization-wide awareness programs, developer training, incident response capability building
Technology & Skills:
- Security & Compliance: Security Architecture, Risk Management, ISO 27001, NIST 800-53, GDPR, CIS Controls, Vulnerability Management, Incident Response, SSDLC, AI Governance
- Cloud & Infrastructure: AWS (Advanced), Microsoft Azure, CloudFormation, Terraform, Docker, Linux/Unix, Security Hub, GuardDuty, Solution Architecture
- Development & DevOps: Java/Spring, TypeScript/JavaScript/React, PostgreSQL, SonarQube, GitHub Actions, Jenkins, ElasticSearch, OWASP ZAP, SLSA Level 3
- Leadership & Management: Information Security Management, Team Leadership, Policy Development, Open Source Program Office, Strategic Planning, Six Sigma Black Belt
Links:
- Company LinkedIn: https://www.linkedin.com/company/hack23/
- Company Registration: Allabolag.se
- Personal LinkedIn: James Pether Sörling
- OpenHub Profile: https://www.openhub.net/accounts/pether
- Computer Sweden: Technology that reveals politicians
- Riksdag och Departement: CIA keeps track of parliament members
- National Democratic Institute: Parliamentary Monitoring Organizations Survey
Comprehensive FAQ covering CIA Triad implementation, data classification, compliance frameworks, security assessment tools, and best practices for information security management.
🎓 Learn the Fundamentals: https://hack23.com/cia-triad-faq.html
The CIA Triad is a fundamental security model consisting of three core principles:
- Confidentiality: Ensures sensitive information is accessible only to authorized individuals
- Integrity: Guarantees data accuracy and trustworthiness throughout its lifecycle
- Availability: Ensures information and systems are accessible when needed by authorized users
This educational resource provides professional implementation guidance aligned with NIST, ISO 27001, and GDPR compliance standards.
50+ blog posts exploring information security, ISMS policies, and cybersecurity best practices through the unique Discordian lens inspired by the Illuminatus! trilogy. "Think for yourself, question authority."
📖 Browse All Posts: https://hack23.com/blog.html
🎭 Discordian Manifesto - Everything You Know About Security Is a Lie: Nation-state capabilities, approved crypto paradox, and Chapel Perilous initiation
📚 Complete ISMS Coverage - All posts link directly to corresponding policies in our ISMS-PUBLIC repository, demonstrating radical transparency
🍎 Information Hoarding Destroys Data Integrity - How information hoarding undermines organizational knowledge integrity
- Everything You Know About Security Is a Lie - Nation-state capabilities, approved crypto paradox, Chapel Perilous initiation
- The Security-Industrial Complex - How fear became a business model and "best practices" became vendor lock-in
- Question Authority: Crypto Approved By Spies - Dual_EC_DRBG, Crypto AG, and why government approval should make you suspicious
- Think For Yourself: Classification - Classification beyond compliance theater—five levels of actually giving a damn
System architect extraordinaire revealing hidden structures through the Law of Fives and sacred geometry
CIA (Citizen Intelligence Agency) Series:
- CIA Architecture: The Five Pentacles - Five container types crystallized from the parliamentary domain
- CIA Security: Defense Through Transparency - The transparency paradox solved through mathematical proof
- CIA Future Security: The Pentagon of Tomorrow - Post-quantum cryptography and AI-augmented detection
- CIA Financial Strategy: $24.70/Day Democracy - Democracy costs through AWS optimization and golden ratio allocation
- CIA Workflows: Five-Stage CI/CD & State Machines - Five GitHub Actions workflows orchestrating DevSecOps automation
- CIA Mindmaps: Conceptual Sacred Geometry - Hierarchical thinking revealing natural organizational patterns
Compliance Manager Series:
- Compliance Manager: CIA Triad Meets Sacred Geometry - Security capability maturation measured in levels
- Compliance Security: STRIDE Through Five Dimensions - Six STRIDE categories compress into five defensive requirements
- Compliance Future: Context-Aware Security & Adaptive Defense - Future architecture transcending static assessment
Black Trigram Series:
- Black Trigram Architecture: Five Fighters, Sacred Geometry - Five fighter archetypes discovered in the combat domain
- Black Trigram Combat: 70 Vital Points & Physics of Respect - Traditional Korean martial arts biomechanics
- Black Trigram Future: VR Martial Arts & Immersive Combat - Five-year evolution from 2D fighter to VR training platform
Repository analysis based on actual cloned code—not documentation or assumptions
- CIA Code Analysis - Java 17, Spring Boot, PostgreSQL: 49 Maven modules, 1,372 Java files, 60+ DB tables
- Black Trigram Code Analysis - TypeScript 5.9, React 19, PixiJS 8: 132 files, 70 vital points system
- Compliance Manager Code Analysis - TypeScript 5.9, React 19, IndexedDB: 220 files, zero backend, 95% attack surface eliminated
- Information Security Policy - The foundation of radical transparency
- ISMS Transparency Plan - Security through radical openness: 70% public, 30% redacted
- Access Control - Trust no one (including yourself)
- Incident Response - When (not if) shit hits the fan
- Open Source Policy - Trust through transparency
- Secure Development - Code without backdoors (on purpose)
- Vulnerability Management - Patch or perish
- Threat Modeling - Know thy enemy (they already know you)
- Monitoring & Logging - If a tree falls and nobody logs it...
- Network Security - The perimeter is dead, long live the perimeter
- Physical Security - Locks, guards, and clever social engineering
- Asset Management - You can't protect what you don't know you have
- Mobile Device Management - BYOD means Bring Your Own Disaster
- Remote Access - VPNs and the death of the office
- Backup & Recovery - Restore or regret
- Business Continuity - Survive the chaos
- Disaster Recovery - Plan B when everything burns
- Risk Assessment - Calculating what you can't prevent
- Risk Register - Living document of what keeps you up at night
- Change Management - Move fast without breaking (everything)
- Compliance Checklist - Theater vs. reality
- EU Cyber Resilience Act - Brussels regulates your toaster
- Security Metrics - Measuring what actually matters
- Data Classification - Five levels of actually giving a damn
- Stakeholder Management - Who cares about your security (and why)
- ISMS Strategic Review - Keeping security frameworks relevant
- Privacy Policy - Surveillance capitalism meets anarchist data protection
- Data Protection - GDPR wants to know your location
- Third-Party Management - Trust your vendors? (LOL)
- Acceptable Use Policy - Don't do stupid shit on company systems
- Security Awareness Training - Teaching humans not to click shit
- AI Policy - Teaching machines not to hallucinate secrets
- OWASP LLM Security - Training AI not to hallucinate your secrets
- Cloud Security - Someone else's computer
- Email Security - Your CEO doesn't need iTunes cards
All posts maintain radical Illuminatus! trilogy style with "Think for yourself, question authority," FNORD detection, Chapel Perilous references, and 23 FNORD 5 signatures throughout. 🍎
🥋 어둠의 무예로 완벽한 일격을 추구하라 - "Master the dark arts through the pursuit of the perfect strike"
🔥 Flagship Project - A realistic 2D precision combat simulator inspired by traditional Korean martial arts, emphasizing anatomical targeting, realistic physics, and authentic techniques across 5 distinct fighter archetypes.
Key Features:
- 70 Anatomical Vital Points: Strategic targeting system based on traditional Korean martial arts knowledge (급소격)
- 5 Unique Player Archetypes: Musa (무사), Amsalja (암살자), Hacker, Intelligence Operative, Organized Crime
- Authentic Korean Martial Arts: Traditional techniques including Taekkyeon, Hapkido, and historical combat methods
- Realistic Combat Physics: Advanced trauma simulation and realistic damage modeling with authentic body mechanics
- Educational Gameplay: Combines traditional philosophy with modern game mechanics for cultural learning
- Precision Combat System: Emphasis on timing, positioning, and anatomical knowledge for tactical advantage
- Cultural Authenticity: Deep integration of Korean martial arts philosophy and terminology with respectful representation
Technical Specifications:
- Built with Rust for maximum performance and memory safety
- Cross-platform compatibility (Windows, macOS, Linux)
- Modern graphics rendering with realistic physics simulation
- Comprehensive testing with high code coverage
- Supply chain security with SLSA Level 3 compliance and OpenSSF best practices
A comprehensive security assessment platform for the CIA triad (Confidentiality, Integrity, Availability) with business impact analysis, compliance mapping to regulatory frameworks like NIST, ISO, GDPR, and cost estimation features.
Key Features:
- Security level assessment across CIA triad dimensions
- Compliance mapping to major frameworks (NIST, ISO, GDPR, HIPAA, SOC2, PCI DSS)
- Business impact analysis and cost estimation
- Interactive visualizations and implementation guidance
A volunteer-driven open source intelligence (OSINT) project providing comprehensive analysis of political activities in Sweden. Through advanced monitoring of key political figures and institutions, it delivers financial performance metrics, risk assessment analysis, political trend analysis, politician ranking systems, performance comparisons, and transparency insights.
Key Features:
- Interactive dashboards for political activity visualization
- Political scoreboard systems and performance rankings
- Critical analysis tools for political trends and voting patterns
- Transparency metrics and accountability measures
- Data-driven insights from authoritative Swedish government sources
A multi-region active/active website leveraging AWS Resilience Hub policy compliance and runbooks for rapid recovery from failures and high availability. Demonstrates cloud architecture best practices for availability and resilience.
SonarQube plugin for analyzing AWS CloudFormation templates with security best practices based on NIST, CWE, and ISO standards. Integrates CFN-nag static analysis capabilities into SonarQube for enhanced infrastructure as code security scanning.
Following the Hack23 Classification & Business Continuity Framework guidelines
| Impact Category | Financial | Operational | Reputational | Regulatory |
|---|---|---|---|---|
| 🔒 Confidentiality | ||||
| ✅ Integrity | ||||
| ⏱️ Availability |
Primary ISMS Documentation:
- 🔐 Information Security Policy - Overarching security governance framework
- 🏷️ Classification Framework - Business impact analysis and CIA triad classification
- 🌐 ISMS Transparency Plan - Public disclosure strategy and transparency commitment
- 📝 Style Guide - ISMS documentation standards and formatting guidelines
- 📊 Security Metrics - KPI and performance measurement framework
Core Security Policies:
- 🛠️ Secure Development Policy - SDLC security requirements and architecture documentation
- 🌐 Network Security Policy - Cloud-native perimeter protection, WAF, CDN security
- 🔍 Vulnerability Management Policy - Security testing, scanning, and remediation procedures
- 🎯 Threat Modeling Policy - STRIDE analysis and MITRE ATT&CK framework integration
- 🔑 Access Control Policy - Zero-trust IAM and authentication standards
- 🔒 Cryptography Policy - TLS 1.3, encryption at rest, key management
Operational Security:
- 🚨 Incident Response Plan - Security incident management and coordinated disclosure
- 📝 Change Management - Risk-controlled change processes and deployment gates
- 🤝 Third Party Management - Supplier security risk management
Compliance & Governance:
- ✅ Compliance Checklist - ISO 27001, NIST CSF 2.0, CIS Controls alignment
- 📉 Risk Register - Enterprise risk tracking and treatment
Security Architecture:
- SECURITY_ARCHITECTURE.md - Homepage security architecture and controls implementation
- THREAT_MODEL.md - STRIDE threat analysis, MITRE ATT&CK mapping, and risk quantification
- FUTURE_SECURITY_ARCHITECTURE.md - Security enhancement roadmap and planned improvements
- CLASSIFICATION.md - Homepage business impact classification and CIA triad assessment
- SECURITY.md - Vulnerability disclosure policy and coordinated disclosure procedures
Reference Guides:
- ISMS_REFERENCE_GUIDE.md - Blog-to-policy mapping for all 30+ security blog posts
CI/CD & Quality:
- .github/workflows/main.yml - Deployment workflow with ZAP and Lighthouse scanning
- .github/workflows/scorecards.yml - OpenSSF Scorecard supply chain security
- .github/workflows/quality-checks.yml - HTML validation and link checking
Hack23 Security Architecture Examples:
- 🏛️ CIA Security Architecture - Java/Spring Boot enterprise web application architecture
- 🎮 Black Trigram Security Architecture - React/Firebase gaming platform security
- 📊 CIA Compliance Manager Security Architecture - React/Supabase compliance platform architecture
Threat Model References:
- 🏛️ CIA Threat Model - STRIDE analysis for enterprise web applications
- 🎮 Black Trigram Threat Model - Gaming-specific security threat analysis
- 📊 CIA Compliance Manager Threat Model - Client-side SPA security threats
📋 Document Control:
✅ Approved by: James Pether Sörling, CEO
📤 Distribution: Public
🏷️ Classification:
📅 Effective Date: 2025-11-17
⏰ Next Review: 2026-02-17 (Quarterly)
🎯 Framework Compliance:
🔗 Related Documents: ISMS Transparency Plan, Information Security Policy, Security Architecture, Threat Model