Welcome to the Hack23 homepage repository. This is the source code for Hack23, a Swedish innovation hub founded in 2025 by James Pether Sörling, focusing on precision gaming experiences, security, compliance, and transparency tools.
At Hack23 AB, we believe that true security comes through transparency and demonstrable practices. Our Information Security Management System (ISMS) is publicly available, showcasing our commitment to security excellence and organizational transparency.
Our approach to cybersecurity consulting is built on a foundation of transparent practices:
- 🔍 Open Documentation: Complete ISMS framework available for review
- 📋 Policy Transparency: Detailed security policies and procedures publicly accessible
- 🎯 Demonstrable Expertise: Our own security implementation serves as a live demonstration
- 🔄 Continuous Improvement: Public documentation enables community feedback and enhancement
"Our commitment to transparency extends to our security practices - demonstrating that true security comes from robust processes, continuous improvement, and a culture where security considerations are integrated into every business decision."
— James Pether Sörling, CEO/Founder
Explore information security, ISMS policies, and cybersecurity best practices through the unique Discordian lens inspired by the Illuminatus! trilogy. "Think for yourself, question authority."
Featured Content:
- 🎭 Discordian Manifesto - Everything You Know About Security Is a Lie
- 📚 Complete ISMS Coverage - All 30 posts link directly to ISMS-PUBLIC repository
- 🍎 Illuminatus! Style - FNORD detection, Chapel Perilous references, 23 FNORD 5 signatures
All hail Eris! All hail Discordia! 🍎
- Hack23
- 🔑 Security Services
- About James Pether Sörling
- Press Coverage
- 📚 CIA Triad FAQ
- 🍎 Discordian Cybersecurity Blog
- Current Projects
- Past Projects
- Badges
- 🏷️ Project Classifications According to Hack23 Framework 1. 📊 Homepage Project Classification 2. 🥋 Black Trigram Project Classification 3. 🛡️ CIA Compliance Manager Project Classification 4. 🏛️ Citizen Intelligence Agency Project Classification 5. ☁️ Lambda in Private VPC Project Classification
Hack23 AB is a Swedish registered company (Org.nr 5595347807) founded in 2025 as an innovation hub specializing in creating immersive and precise game experiences alongside expert cybersecurity consulting. Drawing from over three decades of experience in software development and security architecture, we deliver practical security solutions that integrate seamlessly into development processes without hindering innovation. Our flagship project, Black Trigram, represents the pinnacle of realistic martial arts gaming combined with educational value.
Professional cybersecurity consulting services delivered remotely or in-person in Gothenburg. Drawing from over three decades of experience in software development and security architecture, we deliver practical security solutions that integrate seamlessly into your development processes without hindering innovation.
| 🌐 Availability | Remote or in-person (Gothenburg) |
| 💰 Pricing | Contact for pricing |
| 🏢 Company | Hack23 AB (Org.nr 5595347807) |
| 📧 Contact |
| Area | Services | Ideal for |
|---|---|---|
| 🏗️ Security Architecture & Strategy | Enterprise Security Architecture: Design and implementation of comprehensive security frameworks Risk Assessment & Management: Systematic identification and mitigation of security risks Security Strategy Development: Alignment of security initiatives with business objectives Governance Framework Design: Policy development and security awareness programs | Organizations needing strategic security leadership and architectural guidance |
| ☁️ Cloud Security & DevSecOps | Secure Cloud Solutions: AWS security assessment and architecture (Advanced level) DevSecOps Integration: Security seamlessly integrated into agile development processes Infrastructure as Code Security: Secure CloudFormation, Terraform implementations Container & Serverless Security: Modern application security best practices | Development teams transitioning to cloud-native architectures with security focus |
| 🔧 Secure Development & Code Quality | Secure SDLC Implementation: Building security into development lifecycles CI/CD Security Integration: Automated security testing and validation Code Quality & Security Analysis: Static analysis, vulnerability scanning Supply Chain Security: SLSA Level 3 compliance, SBOM implementation | Development teams seeking to embed security without slowing innovation |
| Category | Services | Value |
|---|---|---|
| 📋 Compliance & Regulatory | Regulatory Compliance: GDPR, NIS2, ISO 27001 implementation ISMS Design & Implementation: Information Security Management Systems AI Governance: Emerging AI risk management frameworks Audit Preparation: Documentation and evidence preparation | Navigate complex regulatory landscapes with confidence |
| 🌐 Open Source Security | Open Source Program Office: OSPO establishment and management Vulnerability Management: Open source risk assessment and remediation Security Tool Development: Custom security solutions and automation Community Engagement: Open source security best practices | Leverage open source securely while contributing to security transparency |
| 🎓 Security Culture & Training | Security Awareness Programs: Building organization-wide security culture Developer Security Training: Secure coding practices and methodologies Leadership Security Briefings: Executive-level security understanding Incident Response Training: Preparedness and response capability building | Transform security from barrier to enabler through education and culture |
Three decades of hands-on experience in software development and security architecture means we understand the real challenges development teams face. We don't just point out problems—we provide practical, implementable solutions that enhance security without slowing down innovation.
Our approach: Security should be seamlessly integrated into your existing processes, not bolted on afterward. We help organizations build a culture of security awareness where protection becomes a natural part of how teams work, not an obstacle to overcome.
Passionate about transparency: As advocates for open source security, we believe in sharing knowledge and building community. Our solutions are designed to be understandable, maintainable, and aligned with industry best practices.
CEO/Founder of Hack23 AB (founded 2025), James is an experienced security professional with over 30 years in information technology, specializing in security architecture, cloud security, and compliance. Strong advocate for transparency in organizations, secure software development practices, and innovative open source solutions.
Professional Background:
- Current Role: CEO/Founder Hack23 AB (Jun 2025-Present), Application Security Officer at Stena Group IT (Oct 2024-Present)
- Previous Roles: Information Security Officer at Polestar (Mar 2022-Sep 2024), Senior Security Architect at WirelessCar (Jan 2018-Mar 2022)
- Certifications: CISSP, CISM, AWS Security Specialty, AWS Solutions Architect Professional
- Expertise: Security Architecture, Cloud Security, DevSecOps Integration, Open Source Security, Compliance Management
Company Information:
- Company: Hack23 AB
- Registration Number: 5595347807
- Country: Sweden
- Founded: 2025
- Industry: Cybersecurity Consulting & Gaming Innovation
- Copyright: James Pether Sörling 2008-2025
Career Highlights:
- Founded Hack23 AB in 2025 as Swedish Innovation Hub for cybersecurity and gaming
- Led Open Source Program Office at Polestar (2022-2024)
- Senior Security Architect at WirelessCar supporting secure delivery practices (2018-2022)
- Consultant roles at Omegapoint (2018) and Consid AB (2017-2018) focusing on open source development
- Cloud Architect at Keypasco developing cloud security solutions (2010-2017)
- Early career includes positions at Sky, Glu Mobile, Volantis Systems (London), and system administration roles
- Military service as NBC-Defence Group Leader in Swedish Armed Forces (1996-1997)
- Speaker at Javaforum Göteborg on secure architecture patterns
- Guest on "Shift Left Like A Boss" security podcast
- Featured in Computer Sweden and National Democratic Institute reports
Martial Arts Background:
- 1999: Black Belt Song Moo Kwan Korea - Traditional Taekwondo certification
- 2024: 3rd Dan Kukkiwon - World Taekwondo Headquarters certification
- Teaching Experience: Taekwondo instructor at multiple clubs (1994-2017) including Tor Taekwondo klub, Haga Taekwondo club, and Hworangi Taekwondo
- Cultural Integration: Deep understanding of Korean martial arts traditions directly influences the authentic techniques and educational value in Black Trigram
Core Expertise Areas:
- Security Architecture & Strategy: Enterprise security frameworks, risk assessment, policy development, AI governance
- Cloud Security & DevSecOps: AWS Advanced, multi-cloud strategies, Infrastructure as Code security, CI/CD integration
- Secure Development: SSDLC implementation, code quality analysis, supply chain security, SLSA Level 3 compliance
- Compliance & Governance: ISMS design, regulatory compliance (GDPR, NIS2, ISO 27001), audit preparation
- Open Source Security: OSPO leadership, vulnerability management, security tool development, community engagement
- Security Culture & Training: Organization-wide awareness programs, developer training, incident response capability building
Technology & Skills:
- Security & Compliance: Security Architecture, Risk Management, ISO 27001, NIST 800-53, GDPR, CIS Controls, Vulnerability Management, Incident Response, SSDLC, AI Governance
- Cloud & Infrastructure: AWS (Advanced), Microsoft Azure, CloudFormation, Terraform, Docker, Linux/Unix, Security Hub, GuardDuty, Solution Architecture
- Development & DevOps: Java/Spring, TypeScript/JavaScript/React, PostgreSQL, SonarQube, GitHub Actions, Jenkins, ElasticSearch, OWASP ZAP, SLSA Level 3
- Leadership & Management: Information Security Management, Team Leadership, Policy Development, Open Source Program Office, Strategic Planning, Six Sigma Black Belt
Links:
- Company LinkedIn: https://www.linkedin.com/company/hack23/
- Company Registration: Allabolag.se
- Personal LinkedIn: James Pether Sörling
- OpenHub Profile: https://www.openhub.net/accounts/pether
- Computer Sweden: Technology that reveals politicians
- Riksdag och Departement: CIA keeps track of parliament members
- National Democratic Institute: Parliamentary Monitoring Organizations Survey
Comprehensive FAQ covering CIA Triad implementation, data classification, compliance frameworks, security assessment tools, and best practices for information security management.
🎓 Learn the Fundamentals: https://hack23.com/cia-triad-faq.html
The CIA Triad is a fundamental security model consisting of three core principles:
- Confidentiality: Ensures sensitive information is accessible only to authorized individuals
- Integrity: Guarantees data accuracy and trustworthiness throughout its lifecycle
- Availability: Ensures information and systems are accessible when needed by authorized users
This educational resource provides professional implementation guidance aligned with NIST, ISO 27001, and GDPR compliance standards.
50+ blog posts exploring information security, ISMS policies, and cybersecurity best practices through the unique Discordian lens inspired by the Illuminatus! trilogy. "Think for yourself, question authority."
📖 Browse All Posts: https://hack23.com/blog.html
🎭 Discordian Manifesto - Everything You Know About Security Is a Lie: Nation-state capabilities, approved crypto paradox, and Chapel Perilous initiation
📚 Complete ISMS Coverage - All posts link directly to corresponding policies in our ISMS-PUBLIC repository, demonstrating radical transparency
🍎 Information Hoarding Destroys Data Integrity - How information hoarding undermines organizational knowledge integrity
- Everything You Know About Security Is a Lie - Nation-state capabilities, approved crypto paradox, Chapel Perilous initiation
- The Security-Industrial Complex - How fear became a business model and "best practices" became vendor lock-in
- Question Authority: Crypto Approved By Spies - Dual_EC_DRBG, Crypto AG, and why government approval should make you suspicious
- Think For Yourself: Classification - Classification beyond compliance theater—five levels of actually giving a damn
System architect extraordinaire revealing hidden structures through the Law of Fives and sacred geometry
CIA (Citizen Intelligence Agency) Series:
- CIA Architecture: The Five Pentacles - Five container types crystallized from the parliamentary domain
- CIA Security: Defense Through Transparency - The transparency paradox solved through mathematical proof
- CIA Future Security: The Pentagon of Tomorrow - Post-quantum cryptography and AI-augmented detection
- CIA Financial Strategy: $24.70/Day Democracy - Democracy costs through AWS optimization and golden ratio allocation
- CIA Workflows: Five-Stage CI/CD & State Machines - Five GitHub Actions workflows orchestrating DevSecOps automation
- CIA Mindmaps: Conceptual Sacred Geometry - Hierarchical thinking revealing natural organizational patterns
Compliance Manager Series:
- Compliance Manager: CIA Triad Meets Sacred Geometry - Security capability maturation measured in levels
- Compliance Security: STRIDE Through Five Dimensions - Six STRIDE categories compress into five defensive requirements
- Compliance Future: Context-Aware Security & Adaptive Defense - Future architecture transcending static assessment
Black Trigram Series:
- Black Trigram Architecture: Five Fighters, Sacred Geometry - Five fighter archetypes discovered in the combat domain
- Black Trigram Combat: 70 Vital Points & Physics of Respect - Traditional Korean martial arts biomechanics
- Black Trigram Future: VR Martial Arts & Immersive Combat - Five-year evolution from 2D fighter to VR training platform
Repository analysis based on actual cloned code—not documentation or assumptions
- CIA Code Analysis - Java 17, Spring Boot, PostgreSQL: 49 Maven modules, 1,372 Java files, 60+ DB tables
- Black Trigram Code Analysis - TypeScript 5.9, React 19, PixiJS 8: 132 files, 70 vital points system
- Compliance Manager Code Analysis - TypeScript 5.9, React 19, IndexedDB: 220 files, zero backend, 95% attack surface eliminated
- Information Security Policy - The foundation of radical transparency
- ISMS Transparency Plan - Security through radical openness: 70% public, 30% redacted
- Access Control - Trust no one (including yourself)
- Incident Response - When (not if) shit hits the fan
- Open Source Policy - Trust through transparency
- Secure Development - Code without backdoors (on purpose)
- Vulnerability Management - Patch or perish
- Threat Modeling - Know thy enemy (they already know you)
- Monitoring & Logging - If a tree falls and nobody logs it...
- Network Security - The perimeter is dead, long live the perimeter
- Physical Security - Locks, guards, and clever social engineering
- Asset Management - You can't protect what you don't know you have
- Mobile Device Management - BYOD means Bring Your Own Disaster
- Remote Access - VPNs and the death of the office
- Backup & Recovery - Restore or regret
- Business Continuity - Survive the chaos
- Disaster Recovery - Plan B when everything burns
- Risk Assessment - Calculating what you can't prevent
- Risk Register - Living document of what keeps you up at night
- Change Management - Move fast without breaking (everything)
- Compliance Checklist - Theater vs. reality
- EU Cyber Resilience Act - Brussels regulates your toaster
- Security Metrics - Measuring what actually matters
- Data Classification - Five levels of actually giving a damn
- Stakeholder Management - Who cares about your security (and why)
- ISMS Strategic Review - Keeping security frameworks relevant
- Privacy Policy - Surveillance capitalism meets anarchist data protection
- Data Protection - GDPR wants to know your location
- Third-Party Management - Trust your vendors? (LOL)
- Acceptable Use Policy - Don't do stupid shit on company systems
- Security Awareness Training - Teaching humans not to click shit
- AI Policy - Teaching machines not to hallucinate secrets
- OWASP LLM Security - Training AI not to hallucinate your secrets
- Cloud Security - Someone else's computer
- Email Security - Your CEO doesn't need iTunes cards
All posts maintain radical Illuminatus! trilogy style with "Think for yourself, question authority," FNORD detection, Chapel Perilous references, and 23 FNORD 5 signatures throughout. 🍎
🥋 어둠의 무예로 완벽한 일격을 추구하라 - "Master the dark arts through the pursuit of the perfect strike"
🔥 Flagship Project - A realistic 2D precision combat simulator inspired by traditional Korean martial arts, emphasizing anatomical targeting, realistic physics, and authentic techniques across 5 distinct fighter archetypes.
Key Features:
- 70 Anatomical Vital Points: Strategic targeting system based on traditional Korean martial arts knowledge (급소격)
- 5 Unique Player Archetypes: Musa (무사), Amsalja (암살자), Hacker, Intelligence Operative, Organized Crime
- Authentic Korean Martial Arts: Traditional techniques including Taekkyeon, Hapkido, and historical combat methods
- Realistic Combat Physics: Advanced trauma simulation and realistic damage modeling with authentic body mechanics
- Educational Gameplay: Combines traditional philosophy with modern game mechanics for cultural learning
- Precision Combat System: Emphasis on timing, positioning, and anatomical knowledge for tactical advantage
- Cultural Authenticity: Deep integration of Korean martial arts philosophy and terminology with respectful representation
Technical Specifications:
- Built with Rust for maximum performance and memory safety
- Cross-platform compatibility (Windows, macOS, Linux)
- Modern graphics rendering with realistic physics simulation
- Comprehensive testing with high code coverage
- Supply chain security with SLSA Level 3 compliance and OpenSSF best practices
Links:
A comprehensive security assessment platform for the CIA triad (Confidentiality, Integrity, Availability) with business impact analysis, compliance mapping to regulatory frameworks like NIST, ISO, GDPR, and cost estimation features.
Key Features:
- Security level assessment across CIA triad dimensions
- Compliance mapping to major frameworks (NIST, ISO, GDPR, HIPAA, SOC2, PCI DSS)
- Business impact analysis and cost estimation
- Interactive visualizations and implementation guidance
Links:
A volunteer-driven open source intelligence (OSINT) project providing comprehensive analysis of political activities in Sweden. Through advanced monitoring of key political figures and institutions, it delivers financial performance metrics, risk assessment analysis, political trend analysis, politician ranking systems, performance comparisons, and transparency insights.
Key Features:
- Interactive dashboards for political activity visualization
- Political scoreboard systems and performance rankings
- Critical analysis tools for political trends and voting patterns
- Transparency metrics and accountability measures
- Data-driven insights from authoritative Swedish government sources
Links:
A multi-region active/active website leveraging AWS Resilience Hub policy compliance and runbooks for rapid recovery from failures and high availability. Demonstrates cloud architecture best practices for availability and resilience.
Links:
SonarQube plugin for analyzing AWS CloudFormation templates with security best practices based on NIST, CWE, and ISO standards. Integrates CFN-nag static analysis capabilities into SonarQube for enhanced infrastructure as code security scanning.
Links:
Following the Hack23 Classification & Business Continuity Framework guidelines
-lightgrey?style=for-the-badge&logo=clock&logoColor=black){kind=icon}
-lightgrey?style=for-the-badge&logo=database&logoColor=black){kind=icon}
| Impact Category | Financial | Operational | Reputational | Regulatory |
|---|---|---|---|---|
| 🔒 Confidentiality |  |  |  |  |
| ✅ Integrity | |  |  | |
| ⏱️ Availability | |  | | |
