Who I Am

I'm overly curious about how systems work and how things fit together. I enjoy taking things apart and figuring out what makes them tick.

Does that mean I break things? Well, let's just say that tinkering in my free time means voiding a few warranties as I go along. If all goes well, the lessons learned and whatever survived can be duct-taped together to form some semi-useful (arguably) side project or blog post.

Oscar Hjelm

What I Do

I'm an IT Security Consultant living and working in the south of Sweden.

In a nutshell: I help organisations increase their security by either identifying vulnerabilities through methods like penetration testing or source code reviews, or by taking a more proactive and advisory role, such as implementing secure coding practices, coaching, and training developers.

Hack the Planet!

To be a bit more specific...

... here's a closer look at what I do as a consultant.

Offensive Operations

I run offensive operations (e.g. penetration tests) to help clients identify weaknesses in their IT systems and procedures. In other words, I'm hacking to help and not to harm.

Engagements range from being very pragmatic (how can an adversary impact us?) to very academic (what flaws exist in this system?).

Here to Help

Everything today is fast-paced. Unfortunately, technology is not becoming any less complex. That's a difficult challenge for developers and administrators whose time may already be stretched too thin. From ticket to implementation, they are often alone throughout the process.

I'm here to help. You're not alone. I bring my experience attacking and securing systems, and together we make sure your systems are as secure as they can be.

Effective Remediation

Nothing can be perfectly secure, but everything can be secure enough. If you spend all your resources chasing perfect security, then you'll have nothing left to run the business with.

I help organisations and their teams understand what their vulnerabilities and weaknesses mean in the context of their business, and how to effectively address them given the organisation's goals, risk tolerance, and constraints.

Consulting and Coaching

There's enough work to do and not enough skilled security professionals to go around. I want to enable architects, developers, project managers, and operators to do as much as possible themselves. From vulnerability to automatic unit test, security is best managed as early as possible in any project.

I coach and train, often in conjunction with an offensive engagement, to enable organisations to do as much as possible as early as possible.