Why Choose Hack23? | Sweden's Only Public ISMS Cybersecurity Consulting

🌟 What Makes Hack23 Different?

In a cybersecurity consulting market filled with vague claims and hidden practices, Hack23 AB stands out through radical transparency, active practitioner expertise, and a developer-friendly approach that treats security as an enabler of innovation—not a barrier.

Founded in 2025 and based in Gothenburg, Sweden, we're the nation's only cybersecurity consultancy with a fully public Information Security Management System (ISMS). Every policy, control, and risk assessment is openly documented, demonstrating our commitment to verifiable security excellence.

🔓 1. Radical Transparency: Sweden's Only Public ISMS

What This Means

Our complete Information Security Management System is publicly available on GitHub, including:

93 ISO 27001 controls with implementation details
30+ security policies covering all domains
Risk registers (redacted for sensitivity)
Threat models for all our projects
Compliance frameworks (GDPR, NIS2, CRA)
Security architectures with diagrams

Why This Matters

Verifiable expertise over empty claims. Anyone can claim to be a security expert. We prove it by showing exactly how we implement security in our own operations.

🔍 Full Transparency: See exactly how we practice what we preach
✅ Trust Through Evidence: No "trust us" required—verify everything
📚 Learning Resource: Our ISMS serves as a template for your implementation
🎯 No Security Theater: Every control has a purpose and implementation

View Public ISMS on GitHub →

🏆 Competitive Advantage

While competitors hide their security practices behind "proprietary" labels, we demonstrate competence through public scrutiny. Our public ISMS has been reviewed by thousands of security professionals worldwide, continuously improving through community feedback.

👨‍💻 2. Active Practitioner, Not "Retired Consultant"

Current Role

James Pether Sörling, our founder, is currently the Application Security Officer at Stena Group IT (October 2024–Present), one of Sweden's largest enterprise organizations.

What this means for clients:

✅ Current, Real-World Experience: Active daily security work, not outdated knowledge
✅ Modern Technology Stack: Hands-on with latest tools, frameworks, and threats
✅ Enterprise-Scale Challenges: Solving complex problems in large organizations
✅ Continuous Learning: Staying current with evolving security landscape

30+ Years of Progressive Experience

2024–Present: Application Security Officer, Stena Group IT
2022–2024: Information Security Officer, Polestar
2018–2022: Senior Security Architect, WirelessCar (Volkswagen Group)
Earlier roles: Security Architect, Developer, System Administrator

Certifications: CISSP, CISM, AWS Security Specialty, AWS Solutions Architect Professional

⚠️ The "Retired Consultant" Problem

Many cybersecurity consultancies are led by individuals who haven't done hands-on security work in years. They rely on outdated methodologies, lack understanding of modern development practices (DevSecOps, cloud-native, containers), and provide generic advice disconnected from current realities.

Hack23's Difference: We consult based on current, active experience—not theory or nostalgia for "the way things used to be done."

🌍 3. Active Open Source Contributor & Advocate

Real Open Source Projects

We don't just talk about security—we build tools and contribute to the community:

🔒 CIA Compliance Manager: Open-source security assessment platform for CIA Triad analysis with compliance mapping (NIST, ISO 27001, GDPR, HIPAA, SOC2)
🔍 Citizen Intelligence Agency: Parliamentary transparency platform using OSINT methodology to enhance democratic accountability in Sweden
🥋 Black Trigram: Educational Korean martial arts game demonstrating secure development practices and cultural preservation through technology
☁️ Lambda in Private VPC: Multi-region resilient AWS architecture reference implementation
🔧 Sonar-CloudFormation Plugin: Security scanning for Infrastructure as Code

View Projects on GitHub →

Why Open Source Matters

🛠️ Practical Skills: Building real tools proves we understand security engineering
🌐 Community Engagement: Active participation in security community discussions
📖 Transparent Development: All code, commits, and security decisions are public
🎓 Knowledge Sharing: Contributing to collective security knowledge
✅ Security Best Practices: SLSA Level 3, OpenSSF Scorecard, CII Best Practices

📊 Open Source Credentials

Our projects achieve high security ratings: OpenSSF Scorecard compliance, SLSA Level 3 supply chain security, and CII Best Practices badges. We practice the security we preach.

🚀 4. Security That Enables Innovation, Not Blocks It

The Traditional Problem

Most security consultancies approach security as a gatekeeper function:

❌ Long approval processes that slow development
❌ Generic checklists that don't fit your context
❌ "No" as the default answer to innovation
❌ Security silos disconnected from development teams
❌ Bureaucracy that creates resentment toward security

The Hack23 Approach

We integrate security into development workflows, not as a barrier:

✅ DevSecOps Integration: Security automated in CI/CD pipelines
✅ Shift-Left Security: Catch issues early when they're cheap to fix
✅ Developer Empowerment: Tools and training for self-service security
✅ Risk-Based Decisions: Pragmatic trade-offs based on business context
✅ Secure by Default: Make the easy path the secure path
✅ Continuous Improvement: Security feedback loops, not one-time audits

💡 Real-World Example

At Polestar, we integrated security into agile development processes, enabling developers to ship secure code faster. At WirelessCar (Volkswagen Group), we built DevSecOps pipelines that automated compliance checks, reducing manual security reviews from weeks to hours while improving security posture.

🎯 5. Full-Stack Security: Architecture to Implementation to Compliance

Complete Security Coverage

Unlike consultancies that specialize in narrow areas, Hack23 provides end-to-end security expertise:

🏗️ Security Architecture & Strategy

Enterprise security architecture design
Zero Trust Architecture implementation
Threat modeling and risk assessment
Security strategy and governance

☁️ Cloud Security & DevSecOps

AWS security (Advanced level, certified)
Multi-cloud security strategy
Container and serverless security
Infrastructure as Code (CloudFormation, Terraform)

🛡️ Secure Development

Secure SDLC implementation
CI/CD security integration
Supply chain security (SLSA, SBOM)
Code quality and security analysis

Compliance & Governance

📋 Regulatory Compliance

ISO 27001 implementation and certification prep
GDPR data protection and privacy
NIS2 Directive compliance
EU Cyber Resilience Act (CRA)
SOC2, HIPAA, PCI-DSS guidance

🏛️ Governance & Management

ISMS design and implementation
Security policy development
AI governance frameworks
Open Source Program Office (OSPO) establishment

🔗 Why Full-Stack Matters

Security problems rarely fit into neat categories. A compliance requirement has architectural implications. A cloud misconfiguration reflects gaps in policy and training. By understanding the entire security lifecycle, we provide solutions that work holistically—not just check boxes.

🏅 Proven Credentials & Industry Recognition

Professional Certifications

🏆 CISSP (Certified Information Systems Security Professional)
🏆 CISM (Certified Information Security Manager)
☁️ AWS Certified Security – Specialty
☁️ AWS Certified Solutions Architect – Professional

30+ Years Experience

Progressive career from developer → system administrator → security architect → CISO-level roles at:

Stena Group IT (current)
Polestar (automotive/EV)
WirelessCar (Volkswagen Group connected vehicles)
Multiple enterprise organizations across industries

Thought Leadership & Recognition

🎤 Conference Speaker: Presented at industry security conferences
🎙️ Podcast Guest: Featured on cybersecurity podcasts
📰 Media Appearances: Quoted in security publications
💼 LinkedIn Presence: Active thought leadership on security topics
🌐 Open Source Community: Recognized contributor on OpenHub

Connect on LinkedIn →

📊 Hack23 vs. Typical Cybersecurity Consultancy

See how we compare to traditional cybersecurity consulting firms:

Comparison of security consulting features between Hack23 AB and typical consultancies
Feature	Hack23 AB	Typical Consultancy
ISMS Documentation	✅ Fully public on GitHub (30+ policies, 93 controls)	❌ Proprietary, not shared with clients
Practitioner Status	✅ Current Application Security Officer at Stena Group IT	⚠️ Often years removed from hands-on work
Open Source Contributions	✅ Active contributor (CIA Manager, Black Trigram, etc.)	❌ Rarely contribute to community
Security Approach	✅ Security enables innovation	⚠️ Often creates bureaucracy and slowdowns
Evidence of Expertise	✅ Public security architectures, threat models, policies	❌ "Trust us" with no verifiable evidence
Development Understanding	✅ Deep DevSecOps, CI/CD, cloud-native expertise	⚠️ Limited understanding of modern development
Compliance Frameworks	✅ ISO 27001, GDPR, NIS2, CRA, SLSA, NIST	➖ Usually 1-2 frameworks
Cloud Security	✅ AWS certified (Security + Solutions Architect Pro)	➖ Varies widely
Transparency	✅ Radical transparency as core value	❌ "Security through obscurity" mindset
Learning Resources	✅ Public templates, tools, documentation	❌ Everything proprietary, no knowledge sharing

💰 Value Proposition

You're not just hiring a consultant—you're gaining access to proven frameworks, open-source tools, public documentation, and current real-world expertise that you can verify before engagement.

💬 Client Success Stories

Organizations that have worked with Hack23 benefit from our transparent, practical approach to security:

🚀 Enterprise Client Results

Client testimonials and case studies will be added here as engagements are completed and clients provide permission to share results.

Expected Benefits:

✅ Faster security implementations (weeks vs. months)
✅ Developer adoption of security practices
✅ Compliance achievements (ISO 27001, GDPR, etc.)
✅ Reduced security incidents through proactive controls
✅ Cost savings from automation and efficiency

📈 Track Record

Previous organizational achievements:

Led security programs at Polestar (automotive/EV industry)
Architected security for WirelessCar (Volkswagen Group)
Currently securing enterprise applications at Stena Group IT
Built security automation reducing manual reviews by 80%+
Integrated DevSecOps into agile teams without slowing velocity

Interested in becoming a client? We're selective about engagements to ensure we can deliver exceptional value. Contact us to discuss your security challenges.

🤝 Ready to Work with Hack23?

If you're looking for transparent, practical, evidence-based cybersecurity consulting that accelerates your business rather than slowing it down, let's talk.

Connect on LinkedIn Review Our Public ISMS Learn About Our Services

🎯 Ideal Clients

We work best with organizations that:

✅ Value transparency and evidence over claims
✅ Want security that enables business, not blocks it
✅ Are committed to security culture, not just compliance checkboxes
✅ Operate in cloud-native, DevOps, or agile environments
✅ Need regulatory compliance (ISO 27001, GDPR, NIS2, etc.)
✅ Appreciate open source and community contribution