Hack23 AB Premium Cybersecurity Consulting | Sweden's Only Public ISMS

Security excellence through radical transparency. Expert ISO 27001, GDPR/NIS2 and AWS security consulting in Sweden.

Over 30 years of expertise • CISSP/CISM certified • Proven ISO 27001 • Based in Gothenburg

📖 Learn More About Hack23 AB

At Hack23 AB, transparency operationalizes trust: every security control, risk assessment, and compliance decision is publicly documented through Sweden's only fully public ISMS, creating unprecedented credibility in cybersecurity consulting.

Founded in 2025 and based in Gothenburg, Sweden, we deliver expert security services across four integrated business lines:

1. Cybersecurity Consulting: ISO 27001, GDPR, NIS2, AWS security architecture, DevSecOps integration
2. CIA Compliance Manager: Automated CIA Triad assessments with NIST/ISO 27001/GDPR/HIPAA/SOC2 compliance mapping
3. Citizen Intelligence Agency: Swedish parliamentary transparency and democratic accountability platform
4. Black Trigram: Educational Korean martial arts game demonstrating security best practices

Led by James Pether Sörling (Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), AWS Security Specialty) with 30+ years of experience, Hack23 proves that security accelerates—rather than blocks—innovation when built on radical transparency.


🏆 Security & Quality Evidence

View our comprehensive security validation and quality metrics (15+ badges)


🌟 Why Choose Hack23 AB?

Sweden's only cybersecurity consultancy with a fully public ISMS, demonstrating transparency and security excellence that accelerates innovation instead of hindering it.

Key Differentiators

🔓 Radical Transparency

Sweden's only fully public information security management system (ISMS), with 93 ISO 27001 controls, redacted risk registers and complete policy documentation accessible to the public. See exactly how we implement security: no hidden practices, no security theater.

  • 70% public / 30% responsibly redacted documentation
  • Live security metrics via OpenSSF Scorecard
  • Transparent risk assessments and treatment tracking

🎯 Proven Expertise

30+ years of hands-on software development and security architecture experience, backed by industry-leading certifications and real-world enterprise implementations.

  • Security professional certified as Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM)
  • AWS Security Specialty & Solutions Architect Pro
  • Led security programs at Stena AB, Polestar, WirelessCar, and other major enterprises

⚡ Security Accelerates Innovation

Security-enabled development that integrates seamlessly into DevSecOps workflows. We prove that proper security controls accelerate—not block—innovation and time-to-market.

  • SLSA Level 3 supply chain security implementations
  • Automated compliance validation & CI/CD integration
  • Zero-trust architectures with real-world performance

Practical Value

🛠️ Practical Solutions

No security theater—only implementable solutions tested in production. Our open-source projects demonstrate security best practices with measurable outcomes.

  • Open-source security tools used in production
  • Documented threat models & security architectures
  • Real-world AWS multi-region resilience patterns

📊 Measurable Outcomes

Data-driven security with quantifiable risk metrics, automated compliance tracking, and continuous improvement demonstrated through public documentation.

  • Quantitative risk assessment methodologies
  • Security KPIs aligned to business objectives
  • Automated compliance mapping (ISO/NIST/GDPR/NIS2)

🌍 Nordic Innovation Hub

Gothenburg-based cybersecurity expertise combining Swedish innovation culture with international enterprise experience across automotive, logistics, and technology sectors.

  • Remote or in-person consulting (Gothenburg)
  • English & Swedish service delivery
  • GDPR/NIS2 compliance for Nordic market

🛡️ Information Security Governance

Demonstrating security through transparency. Our public information security management system (ISMS) shows how enterprise-grade controls enable innovation, consulting delivery and product development. Access the continuously improved documentation set and the governing Information Security Policy covering purpose, principles, roles and our risk and compliance model.

📋 Public ISMS Repository

Living documentation: policies, redacted registers, resilience & secure development practices (~70% public / 30% responsibly redacted).

ISMS Public Repository

🔒 Information Security Policy

Core policy: purpose, scope, principles (Security by Design, Transparency, Continuous Improvement, Business Value), roles & document map.

Information Security Policy

🔑 Security Services

Professional cybersecurity consulting services delivered remotely or in-person in Gothenburg. Drawing from over three decades of experience in software development and security architecture, we deliver practical security solutions that integrate seamlessly into your development processes without hindering innovation.

🏗️ Security Architecture & Strategy

Enterprise security frameworks, risk assessment, and governance aligned with business objectives.

  • Enterprise Security Architecture
  • Risk Assessment & Management
  • Security Strategy Development

☁️ Cloud Security & DevSecOps

AWS security assessment, Infrastructure as Code security, CI/CD integration.

  • Secure Cloud Solutions (AWS Advanced)
  • DevSecOps Integration
  • Container & Serverless Security

🔧 Secure Development & Compliance

SDLC security integration, ISO 27001, GDPR/NIS2 compliance, OSPO management.

  • CI/CD Security Integration
  • Regulatory Compliance (GDPR, NIS2, ISO 27001)
  • Open Source Security

🚀 Products

Open source delivery model with full transparency in architecture and security documentation


🥋 Black Trigram

Precision combat simulator with 70 vital points system, 5 archetypes, and authentic Korean martial arts techniques.


🔐 CIA Compliance Manager

Security assessment platform with CIA Triad evaluation and compliance mapping to NIST, ISO 27001, GDPR, HIPAA, SOC2.


🔍 Citizen Intelligence Agency

Swedish political transparency OSINT platform with parliamentary monitoring and accountability metrics.

💼 CEO James Pether Sörling

Leadership & Expertise

Company Leadership & Security Expert

James Pether Sörling, CEO of Hack23 AB

CEO/Founder of Hack23 AB, James brings over 30 years of information technology experience, specializing in security architecture, cloud security, and compliance. Professional certifications include CISSP, CISM, AWS Security Specialty, and AWS Solutions Architect Professional.

🎯 Key Qualifications:

CISSP • CISM • AWS Security Specialty • AWS Solutions Architect Pro

🏢 Recent Leadership Roles:

  • Jun 2025-Present: CEO / Founder, Hack23 AB
  • Oct 2024-Jul 2025: Application Security Officer, Stena AB
  • Mar 2022-Sep 2024: Information Security Officer, Polestar
  • Jan 2018-Mar 2022: Senior Security Architect, WirelessCar

Recent Professional Experience

Extensive leadership experience in enterprise security and cloud architecture across major organizations:

  • Jun 2025-Present: Chief Executive Officer, Hack23 AB - Swedish Innovation Hub Leadership, Game Development Strategy
  • Oct 2024-Jul 2025: Application Security Officer, Stena AB - Risk Assessment, Cloud Security, AI Governance
  • Mar 2022-Sep 2024: Information Security Officer, Polestar - ISMS Implementation, Security Compliance, OSPO Lead

Martial Arts Background

James has extensive experience in traditional Korean martial arts, bringing authentic knowledge to the Black Trigram project:

  • 1999: Black Belt Song Moo Kwan Korea - Traditional Taekwondo certification
  • 2024: 3rd Dan Kukkiwon - World Taekwondo Headquarters certification
  • 2015-2017: Taekwondo Instructor, Tor Taekwondo klub - Teaching children's classes
  • 2002-2003: Taekwondo Instructor, Haga Taekwondo club - Community instruction
  • 1994-1996: Taekwondo Instructor, Hworangi Taekwondo - Early teaching experience

Martial Arts Philosophy: This deep understanding of Korean martial arts traditions directly influences the authentic techniques, cultural respect, and educational value integrated into Black Trigram's combat system.

Career History

Enterprise Architecture Experience

Security architecture and consulting roles at leading technology companies:

  • Jan 2018-Mar 2022: Senior Security Architect, WirelessCar - Security Architecture, AWS Security, Secure Development
  • Jan 2018-Nov 2018: Consultant, Omegapoint - Security Architect role at WirelessCar
  • Mar 2017-Jan 2018: Consultant, Consid AB - Open Source Development, CI/CD, AWS
  • 2010-Mar 2017: Cloud Architect, Keypasco - Cloud Security Solutions, Multi-tier Architecture

Key achievements: Founded Hack23 AB in 2025, led the Open Source Program Office at Polestar, implemented enterprise security architectures, spoke at Javaforum Göteborg, featured in Computer Sweden.

Software Development Background

Foundation experiences in software engineering and system development:

  • 2008-2009: Consultant, Redpill Linpro - Technical support and client assignments across Sweden, Norway, Denmark
  • 2007-2008: Consultant, Singlegrid (London) - Continuous integration and build management solutions
  • 2006-2007: System Developer, Sky (London) - J2EE projects using XP/Agile development
  • 2003-2005: J2EE Developer, Glu Mobile (London) - Mobile service products development
  • 2000-2002: Software Engineer, Volantis Systems (London) - Multi-channel server product design and implementation

Early Career & Military Service

Foundation experiences that shaped leadership and technical expertise:

  • 1999-2003: Unix Helpdesk/Teaching Assistant, Chalmers University of Technology - System administration and tutorial teaching
  • Jun-Aug 1999: Visual C++ Programmer, IETV AB - Production control system development
  • 1996-1997: NBC-Defence Group Leader, Swedish Armed Forces - Leadership and security responsibilities
  • 1993-1996: Founder, Equal Rites BBS - Early networking and system administration (Fidonet node 2:203/454)

🎤 Technical Talks & Presentations

🎙️ Javaforum Göteborg

Presentation on secure architecture patterns and best practices for enterprise Java applications.

▶️ Watch Presentation

🎙️ Shift Left Like A Boss

Guest appearance on a security podcast discussing DevSecOps practices and supply chain security.

🎧 Listen to Podcast

Press Coverage

Computer Sweden

This article highlights the innovative use of technology in revealing the activities of politicians. It features James Pether Sörling's work in leveraging data-driven insights to promote transparency in political processes.

Read Article

Riksdag och Departement

A Swedish publication that discusses the role of the Citizen Intelligence Agency in monitoring politicians. It highlights James Pether Sörling's commitment to promoting accountability in politics through the strategic use of technology.

Read Article

National Democratic Institute

A comprehensive survey report that underscores the importance of parliamentary monitoring organizations in Sweden. It acknowledges James Pether Sörling's significant contributions to these organizations, reinforcing his commitment to strengthening democratic processes.

View Report

Past Projects

Sonar-CloudFormation-Plugin

SonarQube plugin for analyzing AWS CloudFormation templates with security best practices based on NIST, CWE, and ISO standards.

View All Badges

Quality & Security

CIA Dashboard

Political activity dashboard for Sweden, offering comprehensive visualizations of parliamentary activity and political performance metrics.

View Documentation

Frequently Asked Questions

Common questions about Hack23's cybersecurity services, public ISMS, and approach to security consulting.

What makes Hack23 AB different from other cybersecurity consultancies?

Hack23 AB operates Sweden's only fully public Information Security Management System (ISMS), demonstrating radical transparency with 93 publicly documented ISO 27001 controls. Unlike traditional firms, we prove our security practices through open source projects and measurable results.

Key differentiators:

  • Public ISMS: 70% of our security controls are openly accessible for review
  • Open Source: All our security tools and frameworks are available on GitHub
  • Proven Track Record: OpenSSF Scorecard ratings and CII Best Practices badges
  • Secure Innovation: We show that proper security accelerates rather than hinders innovation

What cybersecurity services does Hack23 AB offer?

We provide comprehensive cybersecurity consulting services including:

  • Security Architecture & Strategy: Design and implementation of robust security frameworks
  • Cloud Security & DevSecOps: AWS specialty with SLSA Level 3 supply chain security
  • Secure Development & Code Quality: Integration of security into CI/CD pipelines
  • Compliance & Regulatory: ISO 27001, GDPR, NIS2, CRA implementation and auditing
  • Open Source Security: OSPO management and supply chain risk assessment
  • Security Culture & Training: Building security awareness and best practices

All services are delivered remotely or in person in Gothenburg, Sweden, and are available in English and Swedish.

What certifications does Hack23 AB hold?

Our CEO James Pether Sörling holds industry-leading certifications:

  • CISSP: Certified Information Systems Security Professional by (ISC)²
  • CISM: Certified Information Security Manager by ISACA
  • AWS Certified Security - Specialty: Advanced cloud security expertise
  • AWS Certified Solutions Architect - Professional: Enterprise architecture design

These certifications are backed by 30+ years of hands-on software development and security architecture experience, demonstrating deep technical expertise combined with strategic security leadership.

How does Hack23's public ISMS benefit clients?

Our public ISMS provides unprecedented transparency that directly benefits clients:

  • Pre-Engagement Verification: Review our actual security controls, risk assessments, policies, and compliance documentation before engagement
  • Real-World Implementation: See proven implementation of ISO 27001, GDPR, NIS2, and other frameworks
  • Evidence-Based Expertise: Our expertise is demonstrated through documented evidence rather than marketing claims
  • Best Practices Reference: Use our public ISMS as a template for your own security program
  • Balanced Transparency: ~70% public documentation with 30% responsibly redacted for operational security

Visit our Public ISMS Repository to explore our security controls and documentation.

Where is Hack23 AB located and do you work remotely?

Hack23 AB is based in Gothenburg, Sweden (Org.nr 5595347807). We offer flexible engagement options:

  • Remote Consulting: Services delivered across Europe and globally via secure remote channels
  • In-Person Engagements: Available in the Gothenburg area and across Sweden
  • Language Support: Professional services in English and Swedish
  • Time Zone: Central European Time (CET/CEST)

Our remote-first approach is backed by secure communication protocols and collaboration tools, ensuring effective delivery regardless of location.

What is the CIA Compliance Manager?

CIA Compliance Manager is our flagship open-source security assessment platform that evaluates Confidentiality, Integrity, and Availability (CIA Triad) with enterprise features:

  • Automated Assessment: Comprehensive evaluation of security controls across all three CIA domains
  • Business Impact Analysis: Quantify security risks and their business impact
  • Compliance Mapping: Automatic mapping to NIST, ISO 27001, GDPR, HIPAA, SOC2, and CRA frameworks
  • Threat Modeling: Integrated STRIDE analysis and risk visualization
  • Evidence Collection: Automated documentation for audits and compliance reporting

Learn more about CIA Compliance Manager features and how it demonstrates our practical approach to security automation.

How does Hack23 approach DevSecOps and secure development?

We integrate security seamlessly into development workflows without sacrificing velocity:

  • CI/CD Integration: Automated security testing in every build pipeline
  • SLSA Level 3: Supply chain security with provenance attestation and build integrity
  • Shift-Left Security: Security testing early in the development lifecycle
  • Continuous Compliance: Automated validation against security standards
  • Security as Code: Infrastructure and security controls defined in version control
  • Open Source Best Practices: OpenSSF Scorecard ratings and CII Best Practices badges

Our open-source projects demonstrate real-world DevSecOps implementation that maintains development velocity while ensuring security. Visit our GitHub organization to see our security automation in action.

🔍 Free Security Assessment Checklist

Download our comprehensive 95-point security assessment guide. Evaluate your organization's security posture across 7 critical domains: Architecture, Access Control, Data Protection, Network Security, Vulnerability Management, Incident Response, and Compliance.

Based on ISO 27001, NIST CSF, and CIS Controls • Used by Enterprise Security Teams

Get Your Free Checklist