This repository contains resources and talks by James Pether Sörling, focusing on secure development practices, application security testing, and compliance automation. Below you'll find resources from presentations, security testing tools, and examples for implementing secure practices in your projects.
- Secure Development Pipeline Talk
- License Tools for Java Projects
- Security Testing Tools
- Practical Examples
- Projects & Expertise
- About Me
James Pether Sörling presented this talk at Javaforum Göteborg, where he discussed how to secure your development pipeline with static application security tests (SAST), dynamic application security tests (DAST), and software composition analysis (SCA) using SonarQube.
The presentation covers:
- Integrating security into CI/CD pipelines
- DevSecOps implementation strategies
- Compliance automation techniques
- Real-world examples of security testing tools
Podcast & Videos:
- Guest on the "Shift Left Like A Boss" security podcast
- Javaforum Göteborg presentation video
Presentation Materials:
A comprehensive comparison of license compliance tools for Java projects:
This guide covers tools for license detection, compatibility analysis, and compliance management specifically for Java ecosystems.
- cfn_nag - Static analysis tool for CloudFormation templates
- SonarQube CloudFormation plugin - Integrate CloudFormation security checks into SonarQube
- Trivy - Vulnerability scanner for containers and filesystems
- Container Check Sonar plugin - Container security analysis in SonarQube
- Hack23 CIA Jenkinsfile - Real-world example of security-focused CI/CD pipeline
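As an added example (this is not the Hack23 CIA Jenkinsfile linked above, nor code from this repository), the following declarative Jenkins pipeline wires together the scan families the talk covers: SCA with Trivy, infrastructure-as-code checks with cfn_nag, and SAST with SonarQube, with the SonarQube quality gate as the release gate. It assumes a Maven project, a SonarQube server registered in Jenkins under the name `sonarqube` (SonarQube Scanner for Jenkins plugin), `trivy` and `cfn_nag_scan` installed on the agent, CloudFormation templates under `cloudformation/`, and the project key `my-app`; all of these names are placeholders. A DAST stage is left out because it needs a deployed target to scan.

```groovy
// Added example pipeline, not the project's own Jenkinsfile.
// Assumed names: Jenkins SonarQube server 'sonarqube', Sonar project key 'my-app',
// CloudFormation templates in cloudformation/, Maven build.
pipeline {
    agent any
    options { timestamps() }
    stages {
        stage('Build') {
            steps { sh 'mvn -B -DskipTests package' }
        }
        stage('SCA: Trivy filesystem scan') {
            steps {
                // Scans pom.xml dependencies and the checked-out tree.
                // --exit-code 1 makes HIGH/CRITICAL findings fail the stage.
                sh 'trivy fs --severity HIGH,CRITICAL --exit-code 1 .'
            }
        }
        stage('IaC: cfn_nag') {
            steps {
                // cfn_nag_scan exits non-zero on failing rules, so the build fails.
                sh 'cfn_nag_scan --input-path cloudformation/'
            }
        }
        stage('SAST: SonarQube analysis') {
            steps {
                // withSonarQubeEnv injects the server URL and token for 'sonarqube'.
                withSonarQubeEnv('sonarqube') {
                    sh 'mvn -B sonar:sonar -Dsonar.projectKey=my-app'
                }
            }
        }
        stage('Quality gate') {
            steps {
                // Blocks until SonarQube reports the gate result via its Jenkins webhook.
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```

Two practical notes: `waitForQualityGate` only returns if a webhook from SonarQube to Jenkins is configured, otherwise the stage times out; and the cheap, fast scans (Trivy, cfn_nag) are placed before the SonarQube analysis so that a vulnerable dependency or an insecure template fails the build before the slower stage runs.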
Realistic 2D precision combat simulator inspired by traditional Korean martial arts, focusing on precise anatomical targeting, authentic combat techniques, and detailed physics-based interactions.

| Project | Current Architecture | Security Architecture | Future Vision |
|---|---|---|---|
| | 🏛️ Architecture | 🔒 Security | 🔮 Future |
| | 🏛️ Architecture | 🔒 Security | 🔮 Future |

| Project | Process Flows | State Diagrams | Mindmaps |
|---|---|---|---|
| | 📊 Flowcharts | 🔄 States | 🧠 Mindmaps |
| | 📊 Flowcharts | 🔄 States | 🧠 Mindmaps |
Experienced security professional with over 30 years in information technology, specializing in security architecture, cloud security, and compliance. Currently serving as Application Security Officer at Stena Group IT, with prior roles including Information Security Officer at Polestar and Senior Security Architect at WirelessCar. Strong advocate for transparency in organizations, secure software development practices, and innovative open source solutions.
I develop advanced open source tools focused on:
- 🔐 CIA Triad (Confidentiality, Integrity, Availability)
- 📊 Compliance Management
- 🔍 Political Transparency
- ☁️ Secure Cloud Architectures
Press and Mentions:
```mermaid
%%{
  init: {
    'theme': 'base',
    'themeVariables': {
      'primaryColor': '#a0c8e0',
      'primaryTextColor': '#1a1a1a',
      'primaryBorderColor': '#86b5d9',
      'lineColor': '#86b5d9',
      'secondaryColor': '#c8e6c9',
      'tertiaryColor': '#ffda9e'
    }
  }
}%%
mindmap
  root((James Pether<br>Sörling))
    Information Security
      ::icon(fa fa-shield)
      Risk Assessment & Management
      CISSP & CISM Certified
      Security Architecture Design
        Zero Trust Principles
        Defense-in-Depth
      Compliance Frameworks
        ISO 27001
        NIST 800-53
        VDA-ISA
        CIS Controls
        GDPR
      Security Operations
        Incident Response
        Vulnerability Management
        Security Monitoring
    Cloud Security
      ::icon(fa fa-cloud)
      Multi-Cloud Expertise
        AWS Advanced
        Microsoft Azure
      Enterprise Architecture
        High Availability Designs
        Multi-Region Deployments
        Resilience Engineering
      Infrastructure as Code
        CloudFormation
        Terraform
      Secure Cloud Services
        AWS Security Hub
        AWS GuardDuty
        KMS Encryption
        AWS WAF
    Leadership & Governance
      ::icon(fa fa-users)
      Information Security Officer
      Security Architect
      Policy Development
      IT Governance
      Team Leadership
      Open Source Program Office
      AI Governance & Security
    Software Engineering
      ::icon(fa fa-code)
      Secure Development (SSDLC)
      Java/Spring Full-Stack
      TypeScript/JavaScript/React
      Automated Testing
      CI/CD Pipelines
      Code Quality
        SLSA Level 3
        SonarQube
    Open Source Leadership
      ::icon(fa fa-github)
      Project Creator & Maintainer
      Community Contributor
      Security Tool Development
      Code Review
```
```mermaid
%%{
  init: {
    'theme': 'base',
    'themeVariables': {
      'primaryColor': '#d1c4e9',
      'primaryTextColor': '#1a1a1a',
      'primaryBorderColor': '#9575cd',
      'lineColor': '#9575cd',
      'secondaryColor': '#bbdefb',
      'tertiaryColor': '#c8e6c9'
    }
  }
}%%
timeline
    title Professional Journey
    section Enterprise Security
        2024 : Application Security Officer, Stena Group IT
             : Risk Assessment, Cloud Security, Microsoft Azure, AI Governance
        2022 - 2024 : Information Security Officer, Polestar
             : ISMS Implementation, Security Compliance, Risk Management, OSPO Lead
        2018 - 2022 : Senior Security Architect, WirelessCar
             : Security Architecture, AWS Security, Secure Development Practices
    section Cloud & Security Engineering
        2017 - 2018 : Consultant, Consid AB
             : Open Source Development, CI/CD, Docker, AWS
        2010 - 2017 : Cloud Architect, Keypasco
             : Cloud Security Solutions, Multi-Tier Architecture, AWS Infrastructure
    section Software Development
        2008 - 2009 : Consultant, Redpill Linpro
             : Technical Support, System Administration, Development
        2006 - 2007 : System Developer, Sky
             : J2EE Projects, Agile Development, Test-Driven Development
        2003 - 2005 : J2EE Developer, Glu Mobile
             : Mobile Services, Integration
        2000 - 2002 : Software Engineer, Volantis Systems
             : Multi-Channel Server Product Development
```
- Information Security Officer at Polestar, leading security practices and the Open Source Program Office
- Senior Security Architect at WirelessCar, supporting secure delivery practices and security risk management
- Open source contributor for cfn-nag, developing integration with SonarQube for CloudFormation security analysis
- Speaker at Javaforum Göteborg on secure architecture patterns
- Guest on Shift Left Like A Boss security podcast
- Featured in Computer Sweden and Riksdag och Departement for political transparency work
- Mentioned in National Democratic Institute survey on parliamentary monitoring organizations
- Operated Equal Rites BBS in the 1990s, part of Fidonet (Node 2:203/454)