Hack23 AB 高端网络安全咨询 | 瑞典唯一的公共ISMS

通过彻底透明实现安全卓越。瑞典ISO 27001、GDPR/NIS2、新加坡PDPA/MAS和AWS安全咨询专家。

30+年专业知识 • CISSP/CISM认证 • ISO 27001验证 • 总部位于哥德堡

探索服务 View Public ISMS
📖 Learn More About Hack23 AB

At Hack23 AB, transparency operationalizes trust: every security control, risk assessment, and compliance decision is publicly documented through Sweden's only fully public ISMS, creating unprecedented credibility in cybersecurity consulting.

Founded in 2025 and based in Gothenburg, Sweden, we deliver expert security services across four integrated business lines:

1. Cybersecurity Consulting ISO 27001, GDPR, NIS2, Singapore PDPA/MAS Cybersecurity, AWS security architecture, DevSecOps integration
2. CIA Compliance Manager Automated CIA Triad assessments with NIST/ISO 27001/GDPR/HIPAA/SOC2/Singapore PDPA compliance mapping
3. Citizen Intelligence Agency 促进瑞典议会透明度和民主问责的平台
4. Black Trigram Educational Korean martial arts game demonstrating security best practices

Led by James Pether Sörling (Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), AWS Security Specialty) with 30+ years of experience, Hack23 proves that security accelerates—rather than blocks—innovation when built on radical transparency.

OpenSSF Scorecard Deploy GitHub Hack23

🏆 Security & Quality Evidence

View our comprehensive security validation and quality metrics (15+ badges)

🔒 Security

OpenSSF Scorecard Scorecards OpenSSF Best Practices

🚀 Build Status

Deploy Quality Checks Dependency Review

📋 Compliance

ISMS Public Security Policy ISO 27001 GDPR

🏢 Company

Website GitHub Hack23 LinkedIn Company Swedish Company Registration OpenHub Profile
🌟 Why Hack23? 🥋 Black Trigram Game 🔒 CIA Compliance Manager 🔍 Citizen Intelligence Agency 🍎 Security Blog Follow Company

🌟 为什么选择Hack23 AB?

瑞典唯一拥有完全公开ISMS的网络安全咨询公司,展示透明度和安全卓越,加速而非阻碍创新。

核心差异化优势

🔓 Radical Transparency

瑞典唯一完全公开的信息安全管理系统(ISMS),拥有93项ISO 27001控制措施、编辑的风险登记册以及完整的政策文档公开可用。准确了解我们如何实施安全——没有隐藏的做法,没有安全表演。

  • 70% public / 30% responsibly redacted documentation
  • Live security metrics via OpenSSF Scorecard
  • Transparent risk assessments and treatment tracking

🎯 Proven Expertise

30+ years of hands-on software development and security architecture experience, backed by industry-leading certifications and real-world enterprise implementations.

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) certified security professional
  • AWS Security Specialty & Solutions Architect Pro
  • Led security programs at Stena AB, Polestar, WirelessCar, and other major enterprises

⚡ Security Accelerates Innovation

Security-enabled development that integrates seamlessly into DevSecOps workflows. We prove that proper security controls accelerate—not block—innovation and time-to-market.

  • SLSA Level 3 supply chain security implementations
  • Automated compliance validation & CI/CD integration
  • Zero-trust architectures with real-world performance

Practical Value

🛠️ Practical Solutions

No security theater—only implementable solutions tested in production. Our open-source projects demonstrate security best practices with measurable outcomes.

  • Open-source security tools used in production
  • Documented threat models & security architectures
  • Real-world AWS multi-region resilience patterns

📊 Measurable Outcomes

Data-driven security with quantifiable risk metrics, automated compliance tracking, and continuous improvement demonstrated through public documentation.

  • Quantitative risk assessment methodologies
  • Security KPIs aligned to business objectives
  • Automated compliance mapping (ISO/NIST/GDPR/NIS2)

🌍 Nordic Innovation Hub

Gothenburg-based cybersecurity expertise combining Swedish innovation culture with international enterprise experience across automotive, logistics, and technology sectors.

  • Remote or in-person consulting (Gothenburg)
  • English & Swedish service delivery
  • GDPR/NIS2 compliance for Nordic market

🛡️ Information Security Governance

通过透明度展示安全性。我们的公开信息安全管理系统(ISMS)展示了企业级控制如何推动创新、咨询交付和产品开发。访问持续改进的文档集和管理信息安全政策,涵盖目的、原则、角色以及我们的风险和合规模型。

📋 Public ISMS Repository

Living documentation: policies, redacted registers, resilience & secure development practices (~70% public / 30% responsibly redacted).

ISMS Public Repository

🔒 Information Security Policy

Core policy: purpose, scope, principles (Security by Design, Transparency, Continuous Improvement, Business Value), roles & document map.

Information Security Policy

🔑 Security Services

Professional cybersecurity consulting services delivered remotely or in-person in Gothenburg. Drawing from over three decades of experience in software development and security architecture, we deliver practical security solutions that integrate seamlessly into your development processes without hindering innovation.

🏗️ Security Architecture & Strategy

Enterprise security frameworks, risk assessment, and governance aligned with business objectives.

  • 企业安全架构
  • Risk Assessment & Management
  • Security Strategy Development

☁️ Cloud Security & DevSecOps

AWS security assessment, Infrastructure as Code security, CI/CD integration.

  • Secure Cloud Solutions (AWS Advanced)
  • DevSecOps Integration
  • Container & Serverless Security

🔧 Secure Development & Compliance

SDLC security integration, ISO 27001, GDPR/NIS2 compliance, OSPO management.

  • CI/CD Security Integration
  • Regulatory Compliance (GDPR, NIS2, ISO 27001)
  • Open Source Security
View All Services & Expertise Areas →

🚀 产品

开源交付模式,架构和安全文档完全透明

Black Trigram

🥋 Black Trigram

Precision combat simulator with 70 vital points system, 5 archetypes, and authentic Korean martial arts techniques.

Learn More → 🎮 Play Now
CIA Compliance

🔐 CIA Compliance Manager

Security assessment platform with CIA Triad evaluation and compliance mapping to NIST, ISO 27001, GDPR, HIPAA, SOC2.

Learn More → 🚀 Try Demo
CIA Project

🔍 Citizen Intelligence Agency

Swedish political transparency OSINT platform with parliamentary monitoring and accountability metrics.

Learn More → ✨ Features
View All Projects & Demos →

💼 CEO James Pether Sörling

Leadership & Expertise

Company Leadership & Security Expert

James Pether Sörling, CEO of Hack23 AB

CEO/Founder of Hack23 AB, James brings over 30 years of information technology experience, specializing in security architecture, cloud security, and compliance. Professional certifications include CISSP, CISM, AWS Security Specialty, and AWS Solutions Architect Professional.

🎯 Key Qualifications:

CISSP CISM AWS Security Specialty AWS Solutions Architect Pro

🏢 Recent Leadership Roles:

  • Jun 2025-Present: CEO / Founder, Hack23 AB
  • Oct 2024-Jul 2025: Application Security Officer, Stena AB
  • Mar 2022-Sep 2024: Information Security Officer, Polestar
  • Jan 2018-Mar 2022: Senior Security Architect, WirelessCar
LinkedIn Profile Technical Talks Security Blog

Recent Professional Experience

Extensive leadership experience in enterprise security and cloud architecture across major organizations:

  • Jun 2025-Present: Chief Executive Officer, Hack23 AB - 瑞典创新中心领导, Game Development Strategy
  • Oct 2024-Jul 2025: Application Security Officer, Stena AB - 风险评估、云安全、AI治理
  • Mar 2022-Sep 2024: Information Security Officer, Polestar - ISMS Implementation, Security Compliance, OSPO Lead

Martial Arts Background

James has extensive experience in traditional Korean martial arts, bringing authentic knowledge to the Black Trigram project:

  • 1999: Black Belt Song Moo Kwan Korea - Traditional Taekwondo certification
  • 2024: 3rd Dan Kukkiwon - World Taekwondo Headquarters certification
  • 2015-2017: Taekwondo Instructor, Tor Taekwondo klub - Teaching children's classes
  • 2002-2003: Taekwondo Instructor, Haga Taekwondo club - Community instruction
  • 1994-1996: Taekwondo Instructor, Hworangi Taekwondo - Early teaching experience

Martial Arts Philosophy: This deep understanding of Korean martial arts traditions directly influences the authentic techniques, cultural respect, and educational value integrated into Black Trigram's combat system.

Career History

企业架构经验

Security architecture and consulting roles at leading technology companies:

  • Jan 2018-Mar 2022: Senior Security Architect, WirelessCar - 安全架构、AWS安全、安全开发
  • Jan 2018-Nov 2018: Consultant, Omegapoint - Security Architect role at WirelessCar
  • Mar 2017-Jan 2018: Consultant, Consid AB - Open Source Development, CI/CD, AWS
  • 2010-Mar 2017: Cloud Architect, Keypasco - 云安全解决方案、多层架构

主要成就:2025年创立Hack23 AB,领导Polestar的开源项目办公室,实施企业安全架构,在Javaforum Göteborg发表演讲,被Computer Sweden报道。

软件开发背景

Foundation experiences in software engineering and system development:

  • 2008-2009: Consultant, Redpill Linpro - Technical support and client assignments across Sweden, Norway, Denmark
  • 2007-2008: Consultant, Singlegrid (London) - Continuous integration and build management solutions
  • 2006-2007: System Developer, Sky (London) - J2EE projects using XP/Agile development
  • 2003-2005: J2EE Developer, Glu Mobile (London) - Mobile service products development
  • 2000-2002: Software Engineer, Volantis Systems (London) - Multi-channel server product design and implementation

早期职业生涯与军事服役

Foundation experiences that shaped leadership and technical expertise:

  • 1999-2003: Unix Helpdesk/Teaching Assistant, Chalmers University of Technology - System administration and tutorial teaching
  • Jun-Aug 1999: Visual C++ Programmer, IETV AB - Production control system development
  • 1996-1997: NBC-Defence Group Leader, 瑞典武装部队 - Leadership and security responsibilities
  • 1993-1996: Founder, Equal Rites BBS - Early networking and system administration (Fidonet node 2:203/454)

🎤 Technical Talks & Presentations

🎙️ Javaforum Göteborg

Presentation on secure architecture patterns and best practices for enterprise Java applications.

▶️ Watch Presentation

🎙️ Shift Left Like A Boss

安全播客嘉宾出席,讨论DevSecOps实践和供应链安全。

🎧 Listen to Podcast

Press Coverage

Computer Sweden

This article highlights the innovative use of technology in revealing the activities of politicians. It features James Pether Sörling's work in leveraging data-driven insights to promote transparency in political processes.

Read Article

Riksdag och Departement

一份瑞典出版物,讨论了公民情报局在监督政治家方面的作用。它强调了James Pether Sörling致力于通过战略性地使用技术来促进政治问责制的承诺。

Read Article

National Democratic Institute

A comprehensive survey report that underscores the importance of parliamentary monitoring organizations in Sweden. It acknowledges James Pether Sörling's significant contributions to these organizations, reinforcing his commitment to strengthening democratic processes.

View Report

Past Projects

Sonar-CloudFormation-Plugin

SonarQube plugin for analyzing AWS CloudFormation templates with security best practices based on NIST, CWE, and ISO standards.

CII Best Practices OpenSSF Scorecard

View All Badges

Quality & Security
License Maven Central
GitHub Maven Central

CIA Dashboard

Political activity dashboard for Sweden, offering comprehensive visualizations of parliamentary activity and political performance metrics.

View Documentation

Frequently Asked Questions

Common questions about Hack23's cybersecurity services, public ISMS, and approach to security consulting.

Hack23 AB与其他网络安全咨询公司有什么不同?

Hack23 AB运营瑞典唯一的完全公开信息安全管理系统(ISMS),通过公开记录的93个ISO 27001控制措施展示彻底的透明度。与传统咨询公司不同,我们通过开源项目和可衡量的成果证明我们的安全实践。

主要差异化优势:

  • 公开ISMS: 70%的安全控制措施可公开访问审查
  • 开源: 我们所有的安全工具和框架都可在GitHub上获得
  • 经验证的记录: OpenSSF Scorecard评级和CII最佳实践徽章
  • 安全驱动创新:我们证明适当的安全措施能够加速而非阻碍创新

What cybersecurity services does Hack23 AB offer?

We provide comprehensive cybersecurity consulting services including:

  • Security Architecture & Strategy: Design and implementation of robust security frameworks
  • Cloud Security & DevSecOps: AWS specialty with SLSA Level 3 supply chain security
  • Secure Development & Code Quality: Integration of security into CI/CD pipelines
  • Compliance & Regulatory: ISO 27001, GDPR, NIS2, Singapore PDPA/MAS Cybersecurity, CRA implementation and auditing
  • Open Source Security: OSPO management and supply chain risk assessment
  • Security Culture & Training: Building security awareness and best practices

所有服务均可通过远程或亲临瑞典哥德堡的方式提供,提供英语和瑞典语服务。

What certifications does Hack23 AB hold?

Our CEO James Pether Sörling holds industry-leading certifications:

  • CISSP: Certified Information Systems Security Professional by (ISC)²
  • CISM: Certified Information Security Manager by ISACA
  • AWS Certified Security - Specialty: Advanced cloud security expertise
  • AWS Certified Solutions Architect - Professional: Enterprise architecture design

These certifications are backed by 30+ years of hands-on software development and security architecture experience, demonstrating deep technical expertise combined with strategic security leadership.

How does Hack23's public ISMS benefit clients?

Our public ISMS provides unprecedented transparency that directly benefits clients:

  • Pre-Engagement Verification: Review our actual security controls, risk assessments, policies, and compliance documentation before engagement
  • Real-World Implementation: See proven implementation of ISO 27001, GDPR, NIS2, and other frameworks
  • Evidence-Based Expertise: Our expertise is demonstrated through documented evidence rather than marketing claims
  • Best Practices Reference: Use our public ISMS as a template for your own security program
  • Balanced Transparency: ~70% public documentation with 30% responsibly redacted for operational security

Visit our Public ISMS Repository to explore our security controls and documentation.

Where is Hack23 AB located and do you work remotely?

Hack23 AB is based in Gothenburg, Sweden (Org.nr 5595347807). We offer flexible engagement options:

  • Remote Consulting: Services delivered across Europe and globally via secure remote channels
  • In-Person Engagements: Available in the Gothenburg area and across Sweden
  • 语言支持:提供英语和瑞典语专业服务
  • Time Zone: Central European Time (CET/CEST)

Our remote-first approach is backed by secure communication protocols and collaboration tools, ensuring effective delivery regardless of location.

What is the CIA Compliance Manager?

CIA Compliance Manager is our flagship open-source security assessment platform that evaluates Confidentiality, Integrity, and Availability (CIA Triad) with enterprise features:

  • Automated Assessment: Comprehensive evaluation of security controls across all three CIA domains
  • Business Impact Analysis: Quantify security risks and their business impact
  • Compliance Mapping: Automatic mapping to NIST, ISO 27001, GDPR, HIPAA, SOC2, and CRA frameworks
  • Threat Modeling: Integrated STRIDE analysis and risk visualization
  • Evidence Collection: Automated documentation for audits and compliance reporting

Learn more about CIA Compliance Manager features and how it demonstrates our practical approach to security automation.

How does Hack23 approach DevSecOps and secure development?

We integrate security seamlessly into development workflows without sacrificing velocity:

  • CI/CD Integration: Automated security testing in every build pipeline
  • SLSA Level 3: Supply chain security with provenance attestation and build integrity
  • Shift-Left Security: Security testing early in the development lifecycle
  • Continuous Compliance: Automated validation against security standards
  • Security as Code: Infrastructure and security controls defined in version control
  • Open Source Best Practices: OpenSSF Scorecard ratings and CII Best Practices badges

Our open-source projects demonstrate real-world DevSecOps implementation that maintains development velocity while ensuring security. Visit our GitHub organization to see our security automation in action.

🔍 Free Security Assessment Checklist

Download our comprehensive 95-point security assessment guide. Evaluate your organization's security posture across 7 critical domains: Architecture, Access Control, Data Protection, Network Security, Vulnerability Management, Incident Response, and Compliance.

Based on ISO 27001, NIST CSF, and CIS Controls • Used by Enterprise Security Teams

Get Your Free Checklist