Swedish Cybersecurity Consulting · Public ISMS · Civic-Tech & AI Political-Intelligence Open Source
🛡️ ISO 27001:2022 · 🔐 NIST CSF 2.0 · 🎯 CIS Controls v8.1 · 🇪🇺 GDPR & EU CRA · ☁️ AWS Security · 🤖 AI Newsrooms · 🍎 Discordian Transparency
"Specialists in security architecture, cloud security, DevSecOps, AI governance and open source — building radical transparency into every layer."
Make security and democratic transparency tangible through evidence-based open source.
Hack23 AB is an independent Swedish cybersecurity consultancy and civic-tech publisher founded by James Pether Sörling. We deliver:
- 🔐 Cybersecurity consulting — security architecture, cloud/AWS security, DevSecOps, ISMS implementation, AI governance and compliance (ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1, GDPR, NIS2, EU CRA).
- 🛡️ A fully public ISMS — 38 policies, machine-verifiable, version-controlled at Hack23/ISMS-PUBLIC.
- 🤖 Six flagship open-source projects — political-intelligence platforms, AI newsrooms, compliance tooling and a Korean martial-arts simulator — all Apache-2.0 and aligned with the same ISMS.
- 🍎 30+ Discordian cybersecurity blog posts — accessible, narrative-driven security writing that maps back to formal policies.
- 🎙️ Conference talks, training and security culture work — turning security from a barrier into an enabler.
Everything we ship is non-partisan, ad-free, GDPR-clean, privacy-by-design and architecturally engineered so it cannot be weaponised for partisan or commercial influence.
🌟 Help us keep our public ISMS, AI political newsrooms and civic-tech open source. All flagship projects are Apache-2.0, ad-free and operationally funded by Hack23 AB plus generous sponsors.
| ☕ Personal | 🏢 Professional | 🏛️ Institutional |
|---|---|---|
| Individuals, students, journalists, civic activists. Funds: | Security professionals, dev teams, OSPOs, NGOs. Funds: | Universities, research institutes, media organisations. Funds: |
👉 Sponsor at https://github.com/sponsors/Hack23 — every contribution is acknowledged (unless anonymity is requested) and helps keep parliamentary monitoring, AI-driven journalism and the Hack23 ISMS independent.
```mermaid
%%{init: {"theme":"base","themeVariables":{"primaryColor":"#0066CC","primaryTextColor":"#fff","primaryBorderColor":"#003366","lineColor":"#94A3B8","secondaryColor":"#003399","tertiaryColor":"#7B1FA2","background":"#0F172A"}}}%%
graph TB
    subgraph CONSULT["💼 Hack23 AB — Cybersecurity Consulting"]
        SVC["🔑 Services<br/>hack23.com/services.html<br/>Architecture · Cloud · DevSecOps · Compliance"]
        ISMS["🔓 Public ISMS<br/>github.com/Hack23/ISMS-PUBLIC<br/>38 policies · ISO 27001:2022 · NIST CSF 2.0"]
        BLOG["🍎 Discordian Blog<br/>hack23.com/blog.html<br/>30+ posts · 8 languages"]
    end
    subgraph SOURCES["📡 Primary Open Data"]
        EP["🇪🇺 European Parliament<br/>data.europarl.europa.eu"]
        RD["🇸🇪 Riksdagen<br/>data.riksdagen.se"]
        REG["🇸🇪 Regeringskansliet<br/>regeringen.se"]
    end
    subgraph MCP["🔌 MCP Servers (AI Bridges)"]
        EPMCP["🇪🇺 European-Parliament-MCP-Server<br/>npm: european-parliament-mcp-server<br/>62 tools · 9 resources · 7 prompts"]
    end
    subgraph CIVIC["🏛️ Civic-Tech Platforms (Apache 2.0)"]
        CIA["🕵️ Citizen Intelligence Agency<br/>github.com/Hack23/cia<br/>Java 26 · Spring · 110 DB views · 1971–2024"]
        RM["🗳️ Riksdagsmonitor<br/>riksdagsmonitor.com<br/>11 agentic workflows · 14 languages"]
        EUM["🇪🇺 EU Parliament Monitor<br/>euparliamentmonitor.com<br/>9 agentic workflows · 14 languages"]
    end
    subgraph PRODUCT["📋 Products & Platforms"]
        CCM["📋 CIA Compliance Manager<br/>ciacompliancemanager.com<br/>npm: cia-compliance-manager<br/>React 19 · TypeScript 6"]
        BT["🥋 Black Trigram<br/>blacktrigram.com<br/>npm: blacktrigram<br/>Three.js · React 19 · 70 vital points"]
        GAME["🎮 Game Template<br/>github.com/Hack23/game<br/>SLSA 3 secure-by-default starter"]
    end
    subgraph AUDIENCE["👥 Audience"]
        USERS["Citizens · Journalists · Researchers · NGOs · Security teams · AI assistants (Claude · Cursor · Copilot · VS Code)"]
    end
    EP --> EPMCP
    EPMCP --> EUM
    RD --> CIA
    REG --> CIA
    CIA -->|"15 subsystems · nightly sync"| RM
    EUM --> USERS
    RM --> USERS
    CIA --> USERS
    CCM --> USERS
    BT --> USERS
    EPMCP -.->|"AI assistants"| USERS
    SVC --> USERS
    ISMS --> CIVIC
    ISMS --> PRODUCT
    BLOG --> USERS
    style CONSULT fill:#003366,stroke:#0066CC,color:#fff
    style ISMS fill:#0066CC,stroke:#003366,color:#fff
    style EPMCP fill:#6366F1,stroke:#4F46E5,color:#fff
    style CIA fill:#006B3F,stroke:#003F25,color:#fff
    style RM fill:#00338D,stroke:#FECC00,color:#fff
    style EUM fill:#003399,stroke:#FFCC00,color:#fff
    style CCM fill:#0066CC,stroke:#003366,color:#fff
    style BT fill:#000000,stroke:#FFD700,color:#FFD700
```
Single mission, one ISMS, one license (Apache-2.0), one set of compliance frameworks — applied identically across consulting, civic-tech and commercial products.
Each project has its own ISMS-aligned SECURITY_ARCHITECTURE.md, THREAT_MODEL.md, OpenSSF Scorecard, OpenSSF Best Practices badge, SLSA 3 attestation and SonarCloud quality gate.
AI-driven monitoring of Sweden's Riksdag, Government and public agencies — 349 current MPs, 2,494 historical politicians (1971–2024), 3.5M+ votes, 109,000+ documents, 14 languages, every day.
🔗 Surfaces: Live · Political Intelligence Hub · AI Newsroom · Dashboard · Sitemap · Features · Docs
Brussels and Strasbourg made readable. AI-newsroom over the European Parliament's open data — 8 unified gh-aw workflows, 51 analytical artifacts per run, 14 languages, 1,700+ daily artifacts, full Admiralty / WEP / SAT / ACH tradecraft.
🔗 Surfaces: Live · Political Intelligence Hub · Sitemap · API Docs · Features · Docs
Canonical TypeScript Model Context Protocol server bridging the European Parliament Open Data Portal v2 to any MCP-aware AI client (Claude Desktop, VS Code, Cursor, GitHub Copilot). 62 tools, 9 resources, 7 prompts, full GDPR-by-design.
🔗 Surfaces: Repository · npm · API Docs · Features · Docs
Java/Spring/Vaadin OSINT platform monitoring Sweden's Riksdag, Government and Myndigheter since 2008. 110 database views, 50 risk-detection rules, 1971–2024 longitudinal coverage, 3.5M+ votes, 109K+ documents. The data backbone behind Riksdagsmonitor.
🔗 Surfaces: Repository · Architecture · Security Architecture · Threat Model · Features · Docs
React 19 / TypeScript 6 platform for CIA-triad assessment, multi-framework compliance, threat modeling and business-impact quantification. Available as a live web app and a tree-shakeable npm library with 10 subpath exports.
🔗 Surfaces: Live App · npm · API Docs · Features · Docs
Production-ready 3D precision combat simulator. Eight I Ching trigram stances · 70 vital points · 51 authentic Korean martial-arts techniques · 5 fighter archetypes · 60fps desktop / 55fps+ mobile. React 19 · Three.js · TypeScript 6 · Vite 8.
🔗 Surfaces: Play · API Docs · Security Architecture · Threat Model · Features · Docs
Reference implementation of a secure web-game project: React + TypeScript + Three.js + Vite, SLSA 3, full SBOM, automated security testing, ISMS-policy mapping ready to fork.
Battle-tested reference implementation: AWS Lambda in a private VPC with VPC endpoints, CloudFront, WAF, KMS encryption, CloudTrail and Security Hub integration.
Open-source SonarQube plugin that brings CloudFormation IaC scanning into existing SonarQube/SonarCloud quality gates.
A fully public, version-controlled, machine-verifiable Information Security Management System. 38 policies covering access control, cryptography, secure development, threat modeling, vulnerability management, AI governance, GDPR privacy, EU CRA, ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1.
| Domain | Key Policies |
|---|---|
| 🛠️ Secure Development | Secure Development Policy · Threat Modeling · Vulnerability Management · Change Management |
| 🔑 Access & Identity | Access Control Policy · Segregation of Duties · Mobile Device Management |
| 🌐 Network & Crypto | Network Security Policy · Cryptography Policy |
| 💾 Continuity | Backup & Recovery · Business Continuity Plan · Disaster Recovery Plan |
| 🚨 Incident | Incident Response Plan |
| 🤖 AI & LLM | AI Policy · OWASP LLM Security Policy |
| 📊 Risk & Compliance | Risk Register · Risk Assessment Methodology · Compliance Checklist · Security Metrics · ISMS Metrics Dashboard |
| 🇪🇺 Regulatory | Privacy Policy (GDPR) · CRA Conformity Assessment Process (EU CRA) · ISO 5230 Self-Certification |
| 🌟 Transparency | ISMS Transparency Plan · Open Source Policy · STYLE_GUIDE |
🌟 Why public? Because security claims must be auditable. Every customer, regulator, journalist or curious citizen can read, fork, critique or reuse our ISMS — and can independently verify that what we ship matches what we say.
We deliver hands-on, evidence-based cybersecurity work across five practice areas. Read the full service catalogue at hack23.com/services.html.
| 🔐 Security Architecture | ☁️ Cloud Security & DevSecOps | 📋 Compliance & Regulatory |
|---|---|---|
| Threat modeling (STRIDE, MITRE ATT&CK), zero-trust architecture, secure SDLC, OWASP Top 10 / SAMM, identity & access, cryptography & key management. Read more → | AWS Well-Architected (Security pillar), VPC & WAF design, IAM least-privilege, GuardDuty / Security Hub / KMS / CloudTrail, GitHub Actions hardening, SLSA 3, SBOM. Read more → | ISO 27001:2022, NIST CSF 2.0, CIS Controls v8.1, GDPR, NIS2, EU CRA, AI Act, SOC 2 readiness, supplier due-diligence, SBOM & ISO 5230 alignment. Read more → |
| 🌐 Open Source & OSPO | 🎓 Training & Security Culture | 🤖 AI Governance |
| OSPO setup, license & SBOM management, contributor agreements, OpenSSF Scorecard adoption, supply-chain hardening, FOSSA / FOSDEM workflows. Read more → | Tabletop exercises, secure-coding workshops, threat-modeling clinics, executive briefings, Discordian-style narrative training that actually sticks. Read more → | OWASP LLM Top 10, AI Act readiness, prompt-injection defence, agentic-workflow review (gh-aw), MCP server hardening, AI-in-CI/CD risk assessment. Read more → |
📨 Engage us: https://hack23.com/contact.html · LinkedIn: https://www.linkedin.com/in/jamessorling/
30+ posts of accessible, narrative-driven security writing — every post maps back to formal ISMS policies and reference implementations.
Selected pillar posts:
- 🍎 The Discordian Manifesto for Cybersecurity
- 🛡️ Building a Public ISMS — Why & How
- 🔌 What Is the Model Context Protocol (and How We Use It for Open Government Data)
- 🤖 Agentic Workflows for Political Journalism — gh-aw, Claude Opus, Zero Editors
- 🇪🇺 EU Cyber Resilience Act — A Self-Assessment Walkthrough
→ Full archive at hack23.com/blog.html (8 languages, JSON-LD structured data, full RSS).
Founder & CEO of Hack23 AB. 25+ years in software security, cloud architecture, civic-tech and OSINT. Independent, non-partisan, opinionated about transparency.
```mermaid
mindmap
  root((👨💼 James Pether Sörling<br/>CEO · Hack23 AB))
    🔐 Security
      Architecture
      Threat modeling
      Cryptography
      AppSec / OWASP
    ☁️ Cloud
      AWS Solutions Architect
      Well-Architected
      DevSecOps
      Lambda · VPC · KMS · WAF
    🛡️ Compliance
      ISO 27001:2022
      NIST CSF 2.0
      CIS Controls v8.1
      GDPR · NIS2 · EU CRA · AI Act
    🌐 Open Source
      Apache 2.0 advocate
      OSPO setup
      Public ISMS author
      OpenSSF Scorecard
    🇸🇪 Civic Tech
      OSINT tradecraft
      Riksdag · EU · Government data
      AI political journalism
      Democratic transparency
    🍎 Discordian
      Narrative security writing
      30+ blog posts
      Conference talks
```
→ Full bio, certifications and engagement options at hack23.com/about.html.
- 🎤 Conference talks on AWS security, OSINT, ISMS-as-code, Apache POI, agentic AI workflows, civic tech and parliamentary monitoring
- 📰 Coverage on civic-tech transparency, parliamentary OSINT, Riksdagsmonitor and the Hack23 public ISMS
- 🏅 OpenSSF Best Practices, OpenSSF Scorecard, SLSA Level 3, FOSSA license-clean across all flagship repos
→ Slides & recordings: github.com/Hack23/talks · Press: hack23.com/press.html
Every Hack23 surface is cross-linked for discoverability. Bookmark the hack23.com sitemap for the human-readable index in 8 languages, or use the per-project links below.
| Project / Topic | Repository | Live / Hosted | Features | Docs |
|---|---|---|---|---|
| 🔒 Hack23 AB | — | hack23.com | Services · About · Press · Contact | Blog · Sitemap |
| 🛡️ Public ISMS | ISMS-PUBLIC | — | 38 policies | README |
| 🗳️ Riksdagsmonitor | riksdagsmonitor | riksdagsmonitor.com | Features | Docs · PI Hub |
| 🇪🇺 EU Parliament Monitor | euparliamentmonitor | euparliamentmonitor.com | Features | Docs · PI Hub |
| 🔌 EP MCP Server | European-Parliament-MCP-Server | npm · Portal | Features | Docs |
| 🕵️ Citizen Intelligence Agency | cia | hack23.github.io/cia | Features | Docs |
| 📋 CIA Compliance Manager | cia-compliance-manager | ciacompliancemanager.com | Features | Docs · API |
| 🥋 Black Trigram | blacktrigram | blacktrigram.com | Features | Docs · API |
| 🎮 Game Template | game | — | README | ISMS Mapping |
| ☁️ Lambda in Private VPC | aws-lambda-private-vpc | — | Tutorial | README |
| 🧪 Sonar CFN Plugin | sonar-cloudformation-plugin | SonarCloud | README | — |
| 🎙️ Talks | talks | — | Slides | — |
| 🍎 Discordian Blog | — | hack23.com/blog.html | Manifesto | — |
- 🔐 Cybersecurity consulting: https://hack23.com/contact.html
- 🛡️ ISMS questions: open an issue on `Hack23/ISMS-PUBLIC`
- 🐛 Vulnerability disclosure: see each repo's `SECURITY.md` (or `Hack23/.github/SECURITY_ARCHITECTURE.md`)
- 💖 Sponsor: https://github.com/sponsors/Hack23
"Security is transparency in action. Democracy is transparency at scale. Hack23 is both — in code." 🍎
© 2008–2026 Hack23 AB (Org.nr 559534-7807, Gothenburg, Sweden) · Apache License 2.0 · 💖 Sponsor