😎
I force push to prod on fridays

Organizations

@merely-emissions @LimeTip

arvid-berndtsson/README.md

Hi, I'm Arvid 👋

Information Security Lead specializing in Enterprise Security, compliance (ISO 27001, SOC 2), and security management. My day job focuses on governance and risk, but I love offensive security: pentests, red teaming, and building security tools. Blue and purple team work matters to me too.

🔍 A quick intro

  • 🔐 Head of Information Security @ Vertiseit - Leading ISO 27001 & SOC 2 compliance
  • 🍋‍🟩 Founder of LimeTip - Building incident communication tools
  • 📍 Based in Malmö, Sweden

🛠 Tech I work with

  • Languages: Python, Rust, TypeScript, Go, C#
  • Web & APIs: React, .NET, GraphQL, REST, MCP (Model Context Protocol)
  • Infra & Cloud: Docker, Kubernetes, GitHub Actions, Cloudflare, AWS, Railway, Azure
  • Security: ISO 27001, SOC 2, OWASP, secure SDLC, risk management, incident response
  • DevOps: CI/CD, infrastructure as code, GitHub Actions
  • AI & Agents: Chess engines, agentic AI systems, minimax algorithms

→ Full skill overview

🔒 Security Focus

Bridging enterprise security management with hands-on offensive security.

  • Enterprise Security: Leading ISO 27001 & SOC 2 compliance, risk management, security governance
  • Offensive Security: Pentesting enthusiast, red team operations, security tool development
  • Defensive Operations: Blue team practices, incident response, purple team exercises
  • Security Research: Publishing guides on subdomain hijacking, WAF bypass, and offensive techniques
  • Open Source Security: Building tools like redstr (Rust offensive security library), contributing to OWASP ZAP

→ Read my security thoughts

🏗 Current Projects

  • 🦀 redstr - Red-team string obfuscation and transformation toolkit for offensive security workflows.
  • 🧱 redstr-server - HTTP API server for exposing redstr transformations.
  • 🧼 typesecure - TypeScript library for log sanitization and reducing PII leakage.
  • 💤 lazyms - Minimal CLI utilities for Microsoft security and Azure workflows.
  • 🕷️ wordpress-scan - Lightweight WordPress vulnerability scanning utility.
  • 📱 qr-spoof - Security awareness project demonstrating QR spoofing risks.
  • 🤖 robots-txt-analyzer - Analyzer for robots.txt exposure, security hints, and SEO signals.
  • 🌐 domain-availability-checker - Cloudflare Worker that checks domain availability via RDAP.
  • cc-check - Conventional commit checker for cleaner commit history.
  • 🔤 is-char - Tiny, dependency-free utility for checking single characters.
  • 🧥 klumo - A JS/TS runtime with LLM translation and self-healing.
  • ♟️ Chess-MCP - MCP-based chess engine and game server for AI integrations.
  • 📋 compliance-simplified - Practical ISO 27001 and SOC 2 compliance tooling and guides.

Legacy work

  • 🔎 rurl - Rust utility for URL and recon-oriented security workflows.
  • 🛰️ ISMAU.online - External uptime monitor project for Malmö University services.

→ More projects

🌐 Where to find me

Random Facts
  • Started programming at 8
  • I miss AppleScript, and wish it had more use cases
  • Sound modification through scripts is something I still can't grasp

Pinned

  1. robots-txt-analyzer Public

    Modern robots.txt analyzer with instant analysis, security recommendations, and export capabilities. Built with Qwik and deployed on Cloudflare Pages.

    TypeScript 1

  2. redstr Public

    Red team string obfuscation and transformation for offensive security, WAF bypass, XSS, SQL injection, phishing, and evasion testing

    Rust 3

  3. domain-availability-checker Public

    A simple Cloudflare Worker that checks the availability of a list of domains, using Google RDAP.

    TypeScript 1

  4. Chess-MCP Public

    A powerful chess engine and game server built with the Model Context Protocol (MCP). Play chess against AI, analyze positions, and integrate chess functionality into your AI applications.

    TypeScript

  5. compliance-simplified Public

    Easy guide to compliance

    TypeScript 1

  6. typesecure Public

    A focused TypeScript cryptography package that provides secure encryption and hashing utilities with strong typing and runtime validation using Zod.

    TypeScript