
How to secure your development pipeline with static application security testing (SAST), dynamic application security testing (DAST) and software composition analysis (SCA) using SonarQube.


Hack23/talks


Security & Open Source Expert | Cloud Security Specialist | Information Security Professional

Website LinkedIn GitHub OpenHub

🎤 Talks & Resources by James Pether Sörling

This repository contains resources and talks by James Pether Sörling, focusing on secure development practices, application security testing, and compliance automation. Below you'll find resources from presentations, security testing tools, and examples for implementing secure practices in your projects.

📋 Contents


🔐 Secure Development Pipeline Talk

James Pether Sörling presented this talk at Javaforum Göteborg, where he discussed how to secure your development pipeline with static application security tests (SAST), dynamic application security tests (DAST), and software composition analysis (SCA) using SonarQube.

The presentation covers:

  • Integrating security into CI/CD pipelines
  • DevSecOps implementation strategies
  • Compliance automation techniques
  • Real-world examples of security testing tools

Podcast & Videos:

Presentation Materials:


📜 License Tools for Java Projects

A comprehensive comparison of license compliance tools for Java projects:

This guide covers tools for license detection, compatibility analysis, and compliance management specifically for Java ecosystems.


🛡️ Security Testing Tools

CloudFormation Security

Container Security

CI/CD Examples


🔥 Black Trigram (흑괘)


Realistic 2D precision combat simulator inspired by traditional Korean martial arts, focusing on precise anatomical targeting, authentic combat techniques, and detailed physics-based interactions.


🌟 Featured Projects

🔐 CIA Compliance Manager


Security assessment platform for the CIA triad with compliance mapping to regulatory frameworks

License CII Best Practices SLSA 3

🔍 Citizen Intelligence Agency


Political transparency platform monitoring Swedish political activity with data-driven insights

License CII Best Practices SLSA 3

☁️ Lambda in Private VPC


Multi-region active/active site leveraging Resilience Hub policy compliance and runbooks

License OpenSSF Scorecard

🧪 Sonar-CloudFormation-Plugin


SonarQube plugin for analyzing AWS CloudFormation templates with security best practices

License CII Best Practices

🏛️ Project Architecture & Documentation

| Project | Current Architecture | Security Architecture | Future Vision |
|---|---|---|---|
| CIA Compliance Manager | 🏛️ Architecture | 🔒 Security | 🔮 Future |
| Citizen Intelligence Agency | 🏛️ Architecture | 🔒 Security | 🔮 Future |

| Project | Process Flows | State Diagrams | Mindmaps |
|---|---|---|---|
| CIA Compliance Manager | 📊 Flowcharts | 🔄 States | 🧠 Mindmaps |
| Citizen Intelligence Agency | 📊 Flowcharts | 🔄 States | 🧠 Mindmaps |

👤 About Me

Experienced security professional with over 30 years in information technology, specializing in security architecture, cloud security, and compliance. Currently serving as Application Security Officer at Stena Group IT, with prior roles including Information Security Officer at Polestar and Senior Security Architect at WirelessCar. Strong advocate for transparency in organizations, secure software development practices, and innovative open source solutions.

I develop advanced open source tools focused on:

  • 🔐 CIA Triad (Confidentiality, Integrity, Availability)
  • 📊 Compliance Management
  • 🔍 Political Transparency
  • ☁️ Secure Cloud Architectures

Press and Mentions:


🏅 Professional Certifications

CISSP CISM AWS Security AWS Solutions Architect

Professional Experience & Skills

```mermaid
%%{ init: { 'theme': 'base', 'themeVariables': { 'primaryColor': '#a0c8e0', 'primaryTextColor': '#1a1a1a', 'primaryBorderColor': '#86b5d9', 'lineColor': '#86b5d9', 'secondaryColor': '#c8e6c9', 'tertiaryColor': '#ffda9e' } } }%%
mindmap
  root((James Pether<br>Sörling))
    Information Security
      ::icon(fa fa-shield)
      Risk Assessment & Management
        CISSP & CISM Certified
      Security Architecture Design
        Zero Trust Principles
        Defense-in-Depth
      Compliance Frameworks
        ISO 27001
        NIST 800-53
        VDA-ISA
        CIS Controls
        GDPR
      Security Operations
        Incident Response
        Vulnerability Management
        Security Monitoring
    Cloud Security
      ::icon(fa fa-cloud)
      Multi-Cloud Expertise
        AWS Advanced
        Microsoft Azure
      Enterprise Architecture
        High Availability Designs
        Multi-Region Deployments
        Resilience Engineering
      Infrastructure as Code
        CloudFormation
        Terraform
      Secure Cloud Services
        AWS Security Hub
        AWS GuardDuty
        KMS Encryption
        AWS WAF
    Leadership & Governance
      ::icon(fa fa-users)
      Information Security Officer
      Security Architect
      Policy Development
      IT Governance
      Team Leadership
      Open Source Program Office
      AI Governance & Security
    Software Engineering
      ::icon(fa fa-code)
      Secure Development (SSDLC)
      Java/Spring Full-Stack
      TypeScript/JavaScript/React
      Automated Testing
      CI/CD Pipelines
      Code Quality
        SLSA Level 3
        SonarQube
    Open Source Leadership
      ::icon(fa fa-github)
      Project Creator & Maintainer
      Community Contributor
      Security Tool Development
      Code Review
```

Career Highlights

```mermaid
%%{ init: { 'theme': 'base', 'themeVariables': { 'primaryColor': '#d1c4e9', 'primaryTextColor': '#1a1a1a', 'primaryBorderColor': '#9575cd', 'lineColor': '#9575cd', 'secondaryColor': '#bbdefb', 'tertiaryColor': '#c8e6c9' } } }%%
timeline
    title Professional Journey
    section Enterprise Security
        2024 : Application Security Officer, Stena Group IT
             : Risk Assessment, Cloud Security, Microsoft Azure, AI Governance
        2022 - 2024 : Information Security Officer, Polestar
                    : ISMS Implementation, Security Compliance, Risk Management, OSPO Lead
        2018 - 2022 : Senior Security Architect, WirelessCar
                    : Security Architecture, AWS Security, Secure Development Practices
    section Cloud & Security Engineering
        2017 - 2018 : Consultant, Consid AB
                    : Open Source Development, CI/CD, Docker, AWS
        2010 - 2017 : Cloud Architect, Keypasco
                    : Cloud Security Solutions, Multi-Tier Architecture, AWS Infrastructure
    section Software Development
        2008 - 2009 : Consultant, Redpill Linpro
                    : Technical Support, System Administration, Development
        2006 - 2007 : System Developer, Sky
                    : J2EE Projects, Agile Development, Test-Driven Development
        2003 - 2005 : J2EE Developer, Glu Mobile
                    : Mobile Services, Integration
        2000 - 2002 : Software Engineer, Volantis Systems
                    : Multi-Channel Server Product Development
```

🛠️ Technology & Skills

Security & Compliance

Security Architecture Risk Management ISO 27001 NIST 800-53 GDPR CIS Controls Vulnerability Management Incident Response SSDLC AI Governance

Cloud & Infrastructure

AWS CloudFormation Azure Lambda Terraform Docker Linux

Development & Languages

Java Spring TypeScript JavaScript React PostgreSQL

DevOps & Tools

SonarQube GitHub Actions Jenkins OWASP ZAP cfn-nag SLSA


🏆 Notable Contributions & Appearances

  • Information Security Officer at Polestar, leading security practices and the Open Source Program Office
  • Senior Security Architect at WirelessCar, supporting secure delivery practices and security risk management
  • Open source contributor for cfn-nag, developing integration with SonarQube for CloudFormation security analysis
  • Speaker at Javaforum Göteborg on secure architecture patterns
  • Guest on Shift Left Like A Boss security podcast
  • Featured in Computer Sweden and Riksdag och Departement for political transparency work
  • Mentioned in National Democratic Institute survey on parliamentary monitoring organizations
  • Operated Equal Rites BBS in the 1990s, part of Fidonet (Node 2:203/454)
  • committers.top badge

Project Badges & Status

CIA Compliance Manager

GitHub Release License FOSSA Status CII Best Practices OpenSSF Scorecard SLSA 3

Citizen Intelligence Agency

GitHub Release CII Best Practices OpenSSF Scorecard SLSA 3 Quality Gate Status Security Rating


🤝 Connect With Me

LinkedIn GitHub Blog Tech Talks

🔑 Security Services

Professional cybersecurity consulting services delivered remotely or in-person in Gothenburg. Drawing from over three decades of experience in software development and security architecture, we deliver practical security solutions that integrate seamlessly into your development processes without hindering innovation.


📋 Service Overview

| | |
|---|---|
| 🌐 Availability | Remote or in-person (Gothenburg) |
| 💰 Pricing | Contact for pricing |
| 🏢 Company | Hack23 AB (Org.nr 5595347807) |
| 📧 Contact | LinkedIn |

🎯 Core Service Areas

| Area | Services | Ideal for |
|---|---|---|
| 🏗️ Security Architecture & Strategy | **Enterprise Security Architecture:** Design and implementation of comprehensive security frameworks<br>**Risk Assessment & Management:** Systematic identification and mitigation of security risks<br>**Security Strategy Development:** Alignment of security initiatives with business objectives<br>**Governance Framework Design:** Policy development and security awareness programs | Organizations needing strategic security leadership and architectural guidance |
| ☁️ Cloud Security & DevSecOps | **Secure Cloud Solutions:** AWS security assessment and architecture (Advanced level)<br>**DevSecOps Integration:** Security seamlessly integrated into agile development processes<br>**Infrastructure as Code Security:** Secure CloudFormation, Terraform implementations<br>**Container & Serverless Security:** Modern application security best practices | Development teams transitioning to cloud-native architectures with security focus |
| 🔧 Secure Development & Code Quality | **Secure SDLC Implementation:** Building security into development lifecycles<br>**CI/CD Security Integration:** Automated security testing and validation<br>**Code Quality & Security Analysis:** Static analysis, vulnerability scanning<br>**Supply Chain Security:** SLSA Level 3 compliance, SBOM implementation | Development teams seeking to embed security without slowing innovation |

🏆 Specialized Expertise

| Category | Services | Value |
|---|---|---|
| 📋 Compliance & Regulatory | **Regulatory Compliance:** GDPR, NIS2, ISO 27001 implementation<br>**ISMS Design & Implementation:** Information Security Management Systems<br>**AI Governance:** Emerging AI risk management frameworks<br>**Audit Preparation:** Documentation and evidence preparation | Navigate complex regulatory landscapes with confidence |
| 🌐 Open Source Security | **Open Source Program Office:** OSPO establishment and management<br>**Vulnerability Management:** Open source risk assessment and remediation<br>**Security Tool Development:** Custom security solutions and automation<br>**Community Engagement:** Open source security best practices | Leverage open source securely while contributing to security transparency |
| 🎓 Security Culture & Training | **Security Awareness Programs:** Building organization-wide security culture<br>**Developer Security Training:** Secure coding practices and methodologies<br>**Leadership Security Briefings:** Executive-level security understanding<br>**Incident Response Training:** Preparedness and response capability building | Transform security from barrier to enabler through education and culture |

💡 Why Choose Hack23 Security Services?

Three decades of hands-on experience in software development and security architecture means we understand the real challenges development teams face. We don't just point out problems—we provide practical, implementable solutions that enhance security without slowing down innovation.

Our approach: Security should be seamlessly integrated into your existing processes, not bolted on afterward. We help organizations build a culture of security awareness where protection becomes a natural part of how teams work, not an obstacle to overcome.

Passionate about transparency: As advocates for open source security, we believe in sharing knowledge and building community. Our solutions are designed to be understandable, maintainable, and aligned with industry best practices.



Last updated: 2025-06-14 16:23:03
