Security & Open Source Expert | Cloud Security Specialist | Information Security Professional
# Talks & Resources by James Pether Sörling
This repository contains resources and talks by James Pether Sörling, focusing on secure development practices, application security testing, and compliance automation. Below you'll find resources from presentations, security testing tools, and examples for implementing secure practices in your projects.
## Contents
- Referenced ISMS Policies
- Secure Development Pipeline Talk
- License Tools for Java Projects
- Security Testing Tools
- Practical Examples
- Projects & Expertise
- About Me
Swedish innovation hub specializing in creating immersive and precise game experiences alongside expert cybersecurity consulting and solutions.
## Commitment to Transparency and Security
At Hack23 AB, we believe that true security comes through transparency and demonstrable practices. Our Information Security Management System (ISMS) is publicly available, showcasing our commitment to security excellence and organizational transparency.
### Security Through Transparency
Our approach to cybersecurity consulting is built on a foundation of transparent practices:
- Open Documentation: Complete ISMS framework available for review
- Policy Transparency: Detailed security policies and procedures publicly accessible
- Demonstrable Expertise: Our own security implementation serves as a live demonstration
- Continuous Improvement: Public documentation enables community feedback and enhancement
> "Our commitment to transparency extends to our security practices - demonstrating that true security comes from robust processes, continuous improvement, and a culture where security considerations are integrated into every business decision."
>
> *James Pether Sörling, CEO/Founder*
## Discordian Cybersecurity Insights
Explore information security, ISMS policies, and cybersecurity best practices through the unique Discordian lens inspired by the Illuminatus! trilogy. "Think for yourself, question authority."
### Security Blog: 30+ Posts

Everything You Know About Security Is a Lie - Nation-state capabilities, approved crypto paradox, and Chapel Perilous initiation. Complete ISMS coverage with radical transparency.
Featured Content:
- Discordian Manifesto - Everything You Know About Security Is a Lie
- Complete ISMS Coverage - All 30 posts link directly to ISMS-PUBLIC repository
- Illuminatus! Style - FNORD detection, Chapel Perilous references, 23 FNORD 5 signatures

All hail Eris! All hail Discordia!
## Projects & Expertise

- Riksdagsmonitor
- EU Parliament Monitor
- European Parliament MCP Server
- Citizen Intelligence Agency: Political transparency platform monitoring Swedish political activity with data-driven insights, analytics, dashboard visualizations, and accountability metrics.
- Black Trigram (흑괘)
- CIA Compliance Manager
- Game Template
- Lambda in Private VPC: Enterprise-grade multi-region active/active architecture with near-zero recovery time, comprehensive DNS failover, and AWS Resilience Hub policy compliance for mission-critical applications.
- Sonar-CloudFormation-Plugin: SonarQube plugin for analyzing AWS CloudFormation templates with security best practices based on NIST, CWE, and ISO standards.
## Referenced ISMS Policies
All security practices and compliance approaches discussed in these presentations are backed by Hack23 AB's publicly available Information Security Management System (ISMS). This demonstrates our commitment to security-through-transparency.
### Core Security Policies
| Policy Area | Document | Description |
|---|---|---|
| Information Security | Information Security Policy | Foundation of our security management system, defining security principles and governance structure |
| Secure Development | Secure Development Policy | DevSecOps practices, CI/CD security, SAST/DAST/SCA requirements, and compliance automation |
| Open Source Compliance | Open Source Policy | Open source license compliance, SBOM generation, and vulnerability management |
| Third-Party Management | Third Party Management | Vendor security assessment, supply chain risk management, and procurement security |
| Vulnerability Management | Vulnerability Management Procedure | Systematic approach to identifying, assessing, and remediating security vulnerabilities |
For a complete mapping of presentation topics to ISMS policies, see ISMS_REFERENCE_GUIDE.md.
## Secure Development Pipeline Talk

James Pether Sörling presented this talk at Javaforum Göteborg, where he discussed how to secure your development pipeline with static application security tests (SAST), dynamic application security tests (DAST), and software composition analysis (SCA) using SonarQube.
The presentation covers:
- Integrating security into CI/CD pipelines
- DevSecOps implementation strategies
- Compliance automation techniques
- Real-world examples of security testing tools
Podcast & Videos:
- Guest on the "Shift Left Like A Boss" security podcast
- Javaforum Göteborg presentation video
Presentation Materials:
## License Tools for Java Projects

A comprehensive comparison of license compliance tools for Java projects.
This guide covers tools for license detection, compatibility analysis, and compliance management specifically for Java ecosystems.
## Security Testing Tools

### CloudFormation Security
- cfn_nag - Static analysis tool for CloudFormation templates
- SonarQube CloudFormation plugin - Integrate CloudFormation security checks into SonarQube
### Container Security
- Trivy - Vulnerability scanner for containers and filesystems
- Container Check Sonar plugin - Container security analysis in SonarQube
### CI/CD Examples
- Hack23 CIA Jenkinsfile - Real-world example of security-focused CI/CD pipeline
## Featured Projects

- Black Trigram (흑괘): Realistic 2D precision combat simulator inspired by traditional Korean martial arts, focusing on precise anatomical targeting, authentic combat techniques, and detailed physics-based interactions.
- CIA Compliance Manager
- Citizen Intelligence Agency
- Lambda in Private VPC
- Sonar-CloudFormation-Plugin
### Project Architecture & Documentation

| Project | Current Architecture | Security Architecture | Future Vision |
|---|---|---|---|
| | Architecture | Security | Future |
| | Architecture | Security | Future |

| Project | Process Flows | State Diagrams | Mindmaps |
|---|---|---|---|
| | Flowcharts | States | Mindmaps |
| | Flowcharts | States | Mindmaps |
## About Me
Experienced security professional with over 30 years in information technology, specializing in security architecture, cloud security, and compliance. Currently serving as Application Security Officer at Stena Group IT, with prior roles including Information Security Officer at Polestar and Senior Security Architect at WirelessCar. Strong advocate for transparency in organizations, secure software development practices, and innovative open source solutions.
I develop advanced open source tools focused on:
- CIA Triad (Confidentiality, Integrity, Availability)
- Compliance Management
- Political Transparency
- Secure Cloud Architectures
### Featured in Press & Media

### Technical Talks & Presentations

### Professional Certifications

### Professional Experience & Skills
```mermaid
%%{
init: {
'theme': 'base',
'themeVariables': {
'primaryColor': '#a0c8e0',
'primaryTextColor': '#1a1a1a',
'primaryBorderColor': '#86b5d9',
'lineColor': '#86b5d9',
'secondaryColor': '#c8e6c9',
'tertiaryColor': '#ffda9e'
}
}
}%%
mindmap
  root((James Pether<br>Sörling))
    Information Security
      ::icon(fa fa-shield)
      Risk Assessment & Management
      CISSP & CISM Certified
      Security Architecture Design
        Zero Trust Principles
        Defense-in-Depth
      Compliance Frameworks
        ISO 27001
        NIST 800-53
        VDA-ISA
        CIS Controls
        GDPR
      Security Operations
        Incident Response
        Vulnerability Management
        Security Monitoring
    Cloud Security
      ::icon(fa fa-cloud)
      Multi-Cloud Expertise
        AWS Advanced
        Microsoft Azure
      Enterprise Architecture
        High Availability Designs
        Multi-Region Deployments
        Resilience Engineering
      Infrastructure as Code
        CloudFormation
        Terraform
      Secure Cloud Services
        AWS Security Hub
        AWS GuardDuty
        KMS Encryption
        AWS WAF
    Leadership & Governance
      ::icon(fa fa-users)
      Information Security Officer
      Security Architect
      Policy Development
      IT Governance
      Team Leadership
      Open Source Program Office
      AI Governance & Security
    Software Engineering
      ::icon(fa fa-code)
      Secure Development (SSDLC)
      Java/Spring Full-Stack
      TypeScript/JavaScript/React
      Automated Testing
      CI/CD Pipelines
      Code Quality
        SLSA Level 3
        SonarQube
    Open Source Leadership
      ::icon(fa fa-github)
      Project Creator & Maintainer
      Community Contributor
      Security Tool Development
      Code Review
```
### Career Highlights
```mermaid
%%{
init: {
'theme': 'base',
'themeVariables': {
'primaryColor': '#d1c4e9',
'primaryTextColor': '#1a1a1a',
'primaryBorderColor': '#9575cd',
'lineColor': '#9575cd',
'secondaryColor': '#bbdefb',
'tertiaryColor': '#c8e6c9'
}
}
}%%
timeline
    title Professional Journey
    section Enterprise Security
        2024 : Application Security Officer, Stena Group IT
             : Risk Assessment, Cloud Security, Microsoft Azure, AI Governance
        2022 - 2024 : Information Security Officer, Polestar
                    : ISMS Implementation, Security Compliance, Risk Management, OSPO Lead
        2018 - 2022 : Senior Security Architect, WirelessCar
                    : Security Architecture, AWS Security, Secure Development Practices
    section Cloud & Security Engineering
        2017 - 2018 : Consultant, Consid AB
                    : Open Source Development, CI/CD, Docker, AWS
        2010 - 2017 : Cloud Architect, Keypasco
                    : Cloud Security Solutions, Multi-Tier Architecture, AWS Infrastructure
    section Software Development
        2008 - 2009 : Consultant, Redpill Linpro
                    : Technical Support, System Administration, Development
        2006 - 2007 : System Developer, Sky
                    : J2EE Projects, Agile Development, Test-Driven Development
        2003 - 2005 : J2EE Developer, Glu Mobile
                    : Mobile Services, Integration
        2000 - 2002 : Software Engineer, Volantis Systems
                    : Multi-Channel Server Product Development
```
### Technology & Skills

### Notable Contributions & Appearances
- Information Security Officer at Polestar, leading security practices and the Open Source Program Office
- Senior Security Architect at WirelessCar, supporting secure delivery practices and security risk management
- Open source contributor for cfn-nag, developing integration with SonarQube for CloudFormation security analysis
- Speaker at Javaforum Göteborg on secure architecture patterns
- Guest on Shift Left Like A Boss security podcast
- Featured in Computer Sweden and Riksdag och Departement for political transparency work
- Mentioned in National Democratic Institute survey on parliamentary monitoring organizations
- Operated Equal Rites BBS in the 1990s, part of Fidonet (Node 2:203/454)
### Project Badges & Status

## Connect With Me

## Security Services
Professional cybersecurity consulting services delivered remotely or in-person in Gothenburg. Drawing from over three decades of experience in software development and security architecture, we deliver practical security solutions that integrate seamlessly into your development processes without hindering innovation.
### Service Overview

| Item | Details |
|---|---|
| Availability | Remote or in-person (Gothenburg) |
| Pricing | Contact for pricing |
| Company | Hack23 AB (Org.nr 5595347807) |
| Contact | |
### Core Service Areas

| Area | Services | Ideal for |
|---|---|---|
| Security Architecture & Strategy | Enterprise Security Architecture: Design and implementation of comprehensive security frameworks<br>Risk Assessment & Management: Systematic identification and mitigation of security risks<br>Security Strategy Development: Alignment of security initiatives with business objectives<br>Governance Framework Design: Policy development and security awareness programs | Organizations needing strategic security leadership and architectural guidance |
| Cloud Security & DevSecOps | Secure Cloud Solutions: AWS security assessment and architecture (Advanced level)<br>DevSecOps Integration: Security seamlessly integrated into agile development processes<br>Infrastructure as Code Security: Secure CloudFormation, Terraform implementations<br>Container & Serverless Security: Modern application security best practices | Development teams transitioning to cloud-native architectures with security focus |
| Secure Development & Code Quality | Secure SDLC Implementation: Building security into development lifecycles<br>CI/CD Security Integration: Automated security testing and validation<br>Code Quality & Security Analysis: Static analysis, vulnerability scanning<br>Supply Chain Security: SLSA Level 3 compliance, SBOM implementation | Development teams seeking to embed security without slowing innovation |
### Specialized Expertise

| Category | Services | Value |
|---|---|---|
| Compliance & Regulatory | Regulatory Compliance: GDPR, NIS2, ISO 27001 implementation<br>ISMS Design & Implementation: Information Security Management Systems<br>AI Governance: Emerging AI risk management frameworks<br>Audit Preparation: Documentation and evidence preparation | Navigate complex regulatory landscapes with confidence |
| Open Source Security | Open Source Program Office: OSPO establishment and management<br>Vulnerability Management: Open source risk assessment and remediation<br>Security Tool Development: Custom security solutions and automation<br>Community Engagement: Open source security best practices | Leverage open source securely while contributing to security transparency |
| Security Culture & Training | Security Awareness Programs: Building organization-wide security culture<br>Developer Security Training: Secure coding practices and methodologies<br>Leadership Security Briefings: Executive-level security understanding<br>Incident Response Training: Preparedness and response capability building | Transform security from barrier to enabler through education and culture |
### Why Choose Hack23 Security Services?

Three decades of hands-on experience in software development and security architecture means we understand the real challenges development teams face. We don't just point out problems; we provide practical, implementable solutions that enhance security without slowing down innovation.
Our approach: Security should be seamlessly integrated into your existing processes, not bolted on afterward. We help organizations build a culture of security awareness where protection becomes a natural part of how teams work, not an obstacle to overcome.
Passionate about transparency: As advocates for open source security, we believe in sharing knowledge and building community. Our solutions are designed to be understandable, maintainable, and aligned with industry best practices.