Skip to content
View pethers's full-sized avatar
165 followers · 1.1k following

Achievements

Achievement: Pair Extraordinairex3Achievement: YOLOAchievement: Starstruckx2Achievement: Pull Sharkx3Achievement: QuickdrawAchievement: Arctic Code Vault Contributor

Achievements

Achievement: Pair Extraordinairex3Achievement: YOLOAchievement: Starstruckx2Achievement: Pull Sharkx3Achievement: QuickdrawAchievement: Arctic Code Vault Contributor

Organizations

@Hack23

Block or report pethers

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this userโ€™s behavior. Learn more about reporting abuse.

Report abuse
pethers/README.md

CEO/Founder Hack23 | Security & Open Source Expert | Cloud Security Specialist | Information Security Professional

Website LinkedIn GitHub OpenHub

CEO/Founder of Hack23 | committers.top badge

Strong advocate for transparency in organizations, secure software development practices, and innovative open source solutions. Experienced security professional with over 30 years in information technology, specializing in security architecture, cloud security, and compliance. Prior roles including Application Security Officer at Stena,Information Security Officer at Polestar and Senior Security Architect at WirelessCar.

๐Ÿ” Commitment to Transparency and Security

At Hack23 AB, we believe that true security comes through transparency and demonstrable practices. Our Information Security Management System (ISMS) is publicly available, showcasing our commitment to security excellence and organizational transparency.

๐Ÿ“‹ Public ISMS Repository

Complete Information Security Management System documentation

ISMS Public Repository

๐Ÿ”’ Information Security Policy

Enterprise-grade security framework and governance

Information Security Policy

๐Ÿ† Security Through Transparency

Our approach to cybersecurity consulting is built on a foundation of transparent practices:

  • ๐Ÿ” Open Documentation: Complete ISMS framework available for review
  • ๐Ÿ“‹ Policy Transparency: Detailed security policies and procedures publicly accessible
  • ๐ŸŽฏ Demonstrable Expertise: Our own security implementation serves as a live demonstration
  • ๐Ÿ”„ Continuous Improvement: Public documentation enables community feedback and enhancement

"Our commitment to transparency extends to our security practices - demonstrating that true security comes from robust processes, continuous improvement, and a culture where security considerations are integrated into every business decision."

โ€” James Pether Sรถrling, CEO/Founder

๐ŸŽ Discordian Cybersecurity Insights

Explore information security, ISMS policies, and cybersecurity best practices through the unique Discordian lens inspired by the Illuminatus! trilogy. "Think for yourself, question authority."

๐Ÿ“– Security Blog: 30+ Posts

Everything You Know About Security Is a Lie โ€” Nation-state capabilities, approved crypto paradox, and Chapel Perilous initiation. Complete ISMS coverage with radical transparency.

Discordian Security Blog

Featured Content:

  • ๐ŸŽญ Discordian Manifesto - Everything You Know About Security Is a Lie
  • ๐Ÿ“š Complete ISMS Coverage - All 30 posts link directly to ISMS-PUBLIC repository
  • ๐ŸŽ Illuminatus! Style - FNORD detection, Chapel Perilous references, 23 FNORD 5 signatures

All hail Eris! All hail Discordia! ๐ŸŽ

Professional Certifications

CISSP CISM AWS Security AWS Solutions Architect

๐Ÿ”ฅ Black Trigram (ํ‘๊ด˜)

Black Trigram Logo

Realistic 2D precision combat simulator inspired by traditional Korean martial arts, focusing on precise anatomical targeting, authentic combat techniques, and detailed physics-based interactions.

OpenSSF Scorecard CII Best Practices SLSA 3 Scorecard supply-chain security Test & Report Lines of Code Quality Gate Status Security Rating Maintainability Rating Reliability Rating FOSSA Status

๐Ÿ” CIA Compliance Manager

CIA Compliance Manager Logo

Security assessment platform for the CIA triad (Confidentiality, Integrity, Availability) with business impact analysis and compliance mapping to regulatory frameworks like NIST, ISO, GDPR, HIPAA, and SOC2.

FOSSA Status CII Best Practices OpenSSF Scorecard SLSA 3 Verify & Release Scorecard Supply-Chain Security

๐Ÿ” Citizen Intelligence Agency

CIA Logo

Political transparency platform monitoring Swedish political activity with data-driven insights, analytics, dashboard visualizations, and accountability metrics.

CII Best Practices OpenSSF Scorecard SLSA 3 Verify & Deploy Scorecard supply-chain security Quality Gate Status Security Rating

โ˜๏ธ Lambda in Private VPC

AWS Lambda

Enterprise-grade multi-region active/active architecture with near-zero recovery time, comprehensive DNS failover, and AWS Resilience Hub policy compliance for mission-critical applications.

OpenSSF Scorecard Verify and Deploy Scorecard Supply-Chain Security

๐Ÿงช Sonar-CloudFormation-Plugin

SonarQube Plugin

SonarQube plugin for analyzing AWS CloudFormation templates with security best practices based on NIST, CWE, and ISO standards.

License CII Best Practices OpenSSF Scorecard

๐Ÿ”‘ Security Services

Professional cybersecurity consulting services delivered remotely or in-person in Gothenburg. Drawing from over three decades of experience in software development and security architecture, we deliver practical security solutions that integrate seamlessly into your development processes without hindering innovation.

๐Ÿ“‹ Service Overview

๐ŸŒ Availability Remote or in-person (Gothenburg)
๐Ÿ’ฐ Pricing Contact for pricing
๐Ÿข Company Hack23 AB (Org.nr 5595347807)
๐Ÿ“ง Contact LinkedIn

๐ŸŽฏ Core Service Areas

Area Services Ideal for
๐Ÿ—๏ธ Security Architecture & Strategy Enterprise Security Architecture: Design and implementation of comprehensive security frameworks
Risk Assessment & Management: Systematic identification and mitigation of security risks
Security Strategy Development: Alignment of security initiatives with business objectives
Governance Framework Design: Policy development and security awareness programs 		Organizations needing strategic security leadership and architectural guidance
โ˜๏ธ Cloud Security & DevSecOps Secure Cloud Solutions: AWS security assessment and architecture (Advanced level)
DevSecOps Integration: Security seamlessly integrated into agile development processes
Infrastructure as Code Security: Secure CloudFormation, Terraform implementations
Container & Serverless Security: Modern application security best practices 		Development teams transitioning to cloud-native architectures with security focus
๐Ÿ”ง Secure Development & Code Quality Secure SDLC Implementation: Building security into development lifecycles
CI/CD Security Integration: Automated security testing and validation
Code Quality & Security Analysis: Static analysis, vulnerability scanning
Supply Chain Security: SLSA Level 3 compliance, SBOM implementation 		Development teams seeking to embed security without slowing innovation

๐Ÿ† Specialized Expertise

Category Services Value
๐Ÿ“‹ Compliance & Regulatory Regulatory Compliance: GDPR, NIS2, ISO 27001 implementation
ISMS Design & Implementation: Information Security Management Systems
AI Governance: Emerging AI risk management frameworks
Audit Preparation: Documentation and evidence preparation 		Navigate complex regulatory landscapes with confidence
๐ŸŒ Open Source Security Open Source Program Office: OSPO establishment and management
Vulnerability Management: Open source risk assessment and remediation
Security Tool Development: Custom security solutions and automation
Community Engagement: Open source security best practices 		Leverage open source securely while contributing to security transparency
๐ŸŽ“ Security Culture & Training Security Awareness Programs: Building organization-wide security culture
Developer Security Training: Secure coding practices and methodologies
Leadership Security Briefings: Executive-level security understanding
Incident Response Training: Preparedness and response capability building 		Transform security from barrier to enabler through education and culture

๐Ÿ’ก Why Choose Hack23 Security Services?

Three decades of hands-on experience in software development and security architecture means we understand the real challenges development teams face. We don't just point out problemsโ€”we provide practical, implementable solutions that enhance security without slowing down innovation.

Our approach: Security should be seamlessly integrated into your existing processes, not bolted on afterward. We help organizations build a culture of security awareness where protection becomes a natural part of how teams work, not an obstacle to overcome.

Passionate about transparency: As advocates for open source security, we believe in sharing knowledge and building community. Our solutions are designed to be understandable, maintainable, and aligned with industry best practices.

Project Architecture & Documentation

Project Current Architecture Security Architecture Future Vision
CIA Compliance Manager ๐Ÿ›๏ธ Architecture ๐Ÿ”’ Security ๐Ÿ”ฎ Future
Citizen Intelligence Agency ๐Ÿ›๏ธ Architecture ๐Ÿ”’ Security ๐Ÿ”ฎ Future
Project Process Flows State Diagrams Mindmaps
CIA Compliance Manager ๐Ÿ“Š Flowcharts ๐Ÿ”„ States ๐Ÿง  Mindmaps
Citizen Intelligence Agency ๐Ÿ“Š Flowcharts ๐Ÿ”„ States ๐Ÿง  Mindmaps

Professional Experience & Skills

mindmap
  root)๐Ÿ‘จโ€๐Ÿ’ผ James Pether Sรถrling(
    ๐Ÿ” Information Security
      ๐Ÿ›ก๏ธ Risk Assessment & Management
      ๐ŸŽ“ CISSP / CISM Certified
      ๐Ÿ›๏ธ Security Architecture Design
        ๐Ÿ”’ Zero Trust
        ๐Ÿ›ก๏ธ Defense-in-Depth
      โš™๏ธ Compliance Frameworks
        ISO 27001
        NIST 800-53
        VDA-ISA
        CIS Controls
        GDPR
      ๐Ÿšจ Security Operations
        Incident Response
        Vulnerability Management
        Security Monitoring
    โ˜๏ธ Cloud Security
      ๐ŸŒ Multi-Cloud: AWS, Azure
      ๐Ÿ—๏ธ Enterprise Architecture
        High Availability
        Multi-Region
        Resilience
      ๐Ÿ› ๏ธ Infrastructure as Code
        CloudFormation
        Terraform
      ๐Ÿ”’ Secure Cloud Services
        Security Hub
        GuardDuty
        KMS
        WAF
    ๐Ÿ—‚๏ธ Leadership & Governance
      ๐Ÿ‘จโ€๐Ÿ’ผ Information Security Officer
      ๐Ÿ›๏ธ Security Architect
      ๐Ÿ“ Policy Development
      โš–๏ธ IT Governance
      ๐Ÿ‘ฅ Team Leadership
      ๐ŸŒ Open Source Program Office
      ๐Ÿค– AI Governance
    ๐Ÿ’ป Software Engineering
      ๐Ÿ› ๏ธ Secure Development (SSDLC)
      ๐ŸŒฑ Java / Spring / React
      โš™๏ธ Automated Testing
      ๐Ÿ”„ CI/CD Pipelines
      ๐Ÿ“ˆ Code Quality
        SLSA Level 3
        SonarQube
    ๐ŸŒ Open Source Leadership
      ๐Ÿ‘จโ€๐Ÿ”ฌ Project Maintainer
      ๐Ÿค Community Contributor
      ๐Ÿ›ก๏ธ Security Tooling
      ๐Ÿ‘€ Code Review
Loading 
mindmap
  root((๐Ÿ‘จโ€๐Ÿ’ผ James Pether Sรถrling))
    ๐Ÿ” Information & Security Leadership
      ๐Ÿ‘จโ€๐Ÿ’ผ CISO / ISO Roles
      ๐Ÿ›ก๏ธ Security Architecture
      ๐Ÿงฉ CIA Triad Implementation
      ๐Ÿ› ๏ธ Policy Development & Governance
      ๐Ÿ“Š Risk Management
      ๐Ÿ” Audit & Compliance Oversight
      ๐Ÿค– AI Governance
      ๐ŸŒ Open Source Program Office
    ๐Ÿ›๏ธ Frameworks & Compliance
      ๐Ÿ“„ ISO 27001
      ๐Ÿ“„ NIST 800-53
      ๐Ÿ“„ VDA-ISA
      ๐Ÿ“„ CIS Controls
      ๐Ÿท๏ธ Data Protection / GDPR
      ๐Ÿ“‹ ISMS Implementation
      ๐Ÿงช Continuous Improvement
    โ˜๏ธ Cloud & Platform Security
      ๐ŸŒ Multi-Cloud (AWS / Azure)
      ๐Ÿ—๏ธ Enterprise & Reference Architectures
        ๐ŸŒ Multi-Region Design
        ๐Ÿ” Resilience & Failover
        โ™ป๏ธ High Availability Patterns
      ๐Ÿ”’ Secure Cloud Services
        Security Hub
        GuardDuty
        KMS
        WAF
      ๐Ÿงฑ Network & VPC Security
      ๐Ÿ”‘ IAM / Least Privilege
    ๐Ÿ› ๏ธ Infrastructure as Code
      ๐Ÿงพ CloudFormation
      ๐Ÿ› ๏ธ Terraform
      ๐Ÿ”„ GitOps / Pipelines
      ๐Ÿ” Template Scanning
      ๐Ÿ“ฆ Supply Chain (SLSA Level 3)
    ๐Ÿ’ป Software Engineering
      โ˜• Java / Spring
      โš›๏ธ React / TypeScript
      ๐Ÿ˜ PostgreSQL
      ๐Ÿ”„ CI/CD Automation
      ๐Ÿงช Automated Testing
      ๐Ÿงต Secure SDLC (SSDLC)
      ๐Ÿ“ˆ Code Quality (SonarQube)
    ๐Ÿ”ฌ Security Operations & Assurance
      ๐Ÿšจ Incident Response
      ๐Ÿ•ต๏ธ Vulnerability Management
      ๐Ÿ“ˆ Security Monitoring
      ๐Ÿงช Threat Modeling
      ๐Ÿ“œ Logging & SIEM Use
    ๐ŸŒ Open Source Leadership
      ๐Ÿ“‹ CIA Compliance Manager
      ๐Ÿ›๏ธ Citizen Intelligence Agency
      ๐Ÿงฉ Sonar-CloudFormation-Plugin
      ๐Ÿ”ง cfn-nag Contributions
      ๐Ÿค Community Engagement
      ๐Ÿ‘€ Code Review / Security Tooling
    ๐Ÿ† Certifications & Recognition
      ๐ŸŽ“ CISSP
      ๐ŸŽ“ CISM
      ๐Ÿฅ‡ AWS Security Specialty
      ๐Ÿฅ‡ AWS Solutions Architect Professional
      ๐Ÿ›ก๏ธ SLSA Level 3 Attestations
    ๐Ÿš€ Strategic Impact
      ๐Ÿ”“ Transparency Advocacy
      ๐Ÿงญ Security-by-Design Enablement
      ๐Ÿง  Knowledge Sharing / Speaking
      ๐Ÿ“ข Public Policy & Civic Tech
Loading

Technology & Skills

Security & Compliance

Security Architecture Risk Management ISO 27001 NIST 800-53 GDPR CIS Controls Vulnerability Management Incident Response SSDLC AI Governance Information Security Governance Security Compliance IT Audit Information System Audit

Cloud & Infrastructure

AWS CloudFormation Azure Lambda Terraform Docker Linux Unix Security Hub GuardDuty Cloud Computing Solution Architecture

Development & Languages

Java Spring TypeScript JavaScript React PostgreSQL Hibernate REST APIs Maven Software Development Software Engineering

DevOps & Tools

SonarQube GitHub Actions Jenkins ElasticSearch Kibana OWASP ZAP cfn-nag SLSA IT Operations

Leadership & Management

Leadership Security Management Information Security Management Team Management Policy Development Open Source Program Office Organizational Leadership People Management Strategic Planning

Additional Skills

Artificial Intelligence Open Source Digital Transformation Cyber Insurance Six Sigma Black Belt Business Strategy Corporate Finance ESG

Career Highlights

%%{
  init: {
    'theme': 'base',
    'themeVariables': {
      'primaryColor': '#d1c4e9',
      'primaryTextColor': '#1a1a1a',
      'primaryBorderColor': '#9575cd',
      'lineColor': '#9575cd',
      'secondaryColor': '#bbdefb',
      'tertiaryColor': '#c8e6c9'
    }
  }
}%%
timeline
    title Professional Journey
    section Enterprise Security
      2024 : Application Security Officer, Stena Group IT
            : Risk Assessment, Cloud Security, Microsoft Azure, AI Governance
      2022 - 2024 : Information Security Officer, Polestar
            : ISMS Implementation, Security Compliance, Risk Management, OSPO Lead
      2018 - 2022 : Senior Security Architect, WirelessCar
            : Security Architecture, AWS Security, Secure Development Practices
    section Cloud & Security Engineering
      2017 - 2018 : Consultant, Consid AB
            : Open Source Development, CI/CD, Docker, AWS
      2010 - 2017 : Cloud Architect, Keypasco
            : Cloud Security Solutions, Multi-Tier Architecture, AWS Infrastructure
    section Software Development
      2008 - 2009 : Consultant, Redpill Linpro
            : Technical Support, System Administration, Development
      2006 - 2007 : System Developer, Sky
            : J2EE Projects, Agile Development, Test-Driven Development
      2003 - 2005 : J2EE Developer, Glu Mobile
            : Mobile Services, Integration
      2000 - 2002 : Software Engineer, Volantis Systems
            : Multi-Channel Server Product Development
Loading

Badges

Black Trigram Badges

GitHub Release License OpenSSF Scorecard CII Best Practices SLSA 3 Scorecard supply-chain security Test & Report Lines of Code Quality Gate Status Security Rating Maintainability Rating Reliability Rating FOSSA Status

CIA Compliance Manager Badges

GitHub Release License FOSSA Status CII Best Practices OpenSSF Scorecard SLSA 3 Verify & Release Scorecard Supply-Chain Security

Citizen Intelligence Agency Badges

GitHub Release CII Best Practices OpenSSF Scorecard SLSA 3 Verify & Deploy Scorecard supply-chain security Quality Gate Status Security Rating License

Sonar-CloudFormation-Plugin Badges

License CII Best Practices OpenSSF Scorecard Maven Central

Lambda in Private VPC Badges

License OpenSSF Scorecard Verify and Deploy Scorecard Supply-Chain Security

Notable Contributions & Appearances

  • Information Security Officer at Polestar, leading security practices and the Open Source Program Office
  • Senior Security Architect at WirelessCar, supporting secure delivery practices and security risk management
  • Open source contributor for cfn-nag, developing integration with SonarQube for CloudFormation security analysis
  • Speaker at Javaforum Gรถteborg on secure architecture patterns
  • Guest on Shift Left Like A Boss security podcast
  • Featured in Computer Sweden and Riksdag och Departement for political transparency work
  • Mentioned in National Democratic Institute survey on parliamentary monitoring organizations
  • Operated Equal Rites BBS in the 1990s, part of Fidonet (Node 2:203/454)
  • committers.top badge

๐Ÿ—บ๏ธ Site Map Overview

Hack23.com is a static, multi-language HTML/CSS site deployed to AWS S3 + CloudFront.
For the authoritative, always up-to-date sitemap, use the live page:

The sections below mirror the structure of sitemap.html with direct, HTTPS links and icons aligned with the ISMS Style Guide.

๐Ÿ  Home & Company

Mission, values, company details, and CIA Triad foundations.

๐Ÿ”‘ Security Services

Professional cybersecurity consulting focused on security architecture, cloud security, DevSecOps, and compliance โ€” with evidence-based practices and public ISMS.

๐Ÿš€ Projects (Open-Source & Reference Implementations)

Open-source and reference projects used as live demonstrations of secure architecture, transparency, and practical security.

๐ŸŽฎ Black Trigram (Security-Aware Game)

Realistic 2D precision combat simulator based on traditional Korean martial arts, used as a security-aware game and educational platform.

๐Ÿ›๏ธ Citizen Intelligence Agency (CIA)

Open-source parliamentary monitoring and OSINT platform analyzing Swedish politics.

๐Ÿ“‹ CIA Compliance Manager

Browser-based compliance and CIA-triad assessment tool with no backend, focused on risk, impact, and framework mapping.

๐ŸŽ Discordian Cybersecurity Blog & Insights

All blog content is centrally indexed here:

The blog blends ISMS-aligned policies with a Discordian, Illuminatus!-style narrative, making complex security concepts accessible while still professionally mapped to the public ISMS.

๐ŸŽญ Core Manifesto & Philosophy

Representative themes (see blog.html for the full list and latest updates):

  • ๐Ÿง  Everything You Know About Security Is a Lie
  • ๐Ÿ›๏ธ The Security-Industrial Complex
  • ๐Ÿ”’ Question Authority: Crypto Approved By Spies
  • ๐Ÿท๏ธ Think For Yourself: Classification & Data Handling

๐Ÿ›๏ธ CIA Project Series

Architecture, security, and financial/operational views of the Citizen Intelligence Agency platform:

๐ŸŽฎ Black Trigram Series

Deep dives into the architecture, biomechanics, and future roadmap of Black Trigram:

๐Ÿ“‹ Compliance Manager Series

Applies the CIA triad, STRIDE, and adaptive defense to real-world compliance tooling:

๐Ÿงช Code Analysis: โ€œGeorge Dornโ€ Series

Evidence-based code reviews based on the actual cloned repositories, not just documentation:

๐Ÿง  Thought Leadership & Election Analysis

For the full and current list of posts, see:
๐Ÿ‘‰ https://hack23.com/blog.html

๐Ÿ›ก๏ธ ISMS & Security Policies (Public ISMS)

The โ€œDiscordianโ€ documents on hack23.com mirror and explain the formal ISMS-PUBLIC repository in a more narrative, accessible style.
Key entry points:

Representative domains (see sitemap.html for the complete tree):

For the canonical policy set and machine-verifiable versions, see the public ISMS repository:
๐Ÿ”“ https://github.com/Hack23/ISMS-PUBLIC

๐ŸŒ Languages (Internationalization)

Hack23.com supports multiple languages, following the _sv / _ko conventions and language-specific sitemap pages.

๐Ÿ‡ฌ๐Ÿ‡ง English (default)

๐Ÿ‡ธ๐Ÿ‡ช Swedish

๐Ÿ‡ฐ๐Ÿ‡ท Korean

๐Ÿ‡ณ๐Ÿ‡ฑ Dutch

๐Ÿ‡ฉ๐Ÿ‡ช German

๐Ÿ‡ซ๐Ÿ‡ท French

๐Ÿ‡ฏ๐Ÿ‡ต Japanese

๐Ÿ‡จ๐Ÿ‡ณ Chinese

๐Ÿ”ง Technical Resources

Technical endpoints and repositories powering the public site:

GitHub Repositories:

Connect With Me

LinkedIn GitHub Blog Tech Talks

Profile Views

Pinned Loading

  1. Hack23/cia Hack23/cia Public

    Citizen Intelligence Agency. Open-source intelligence platform analyzing Swedish political activities using AI and data visualization. Tracks politicians, government institutions, and parliamentaryโ€ฆ

    Java 195 47

  2. Hack23/talks Hack23/talks Public

    How to secure your development pipeline with static application security test (SAST) / Dynamic application security test (DAST), software composition analysis (SCA) using Sonarqube.

    7

  3. Hack23/cia-compliance-manager Hack23/cia-compliance-manager Public

    The CIA Compliance Manager is an application that helps organizations assess and manage the availability, integrity, and confidentiality of their systems and data based on customizable security levโ€ฆ

    TypeScript 13 4

  4. Hack23/homepage Hack23/homepage Public

    Webpage for org https://hack23.com

    HTML 4 1