The cyber security chess game

Cyber security is like a game of chess: an ever-changing game of situations. The complexity is higher, of course, and there may be more than one king to protect. In both games, just a few traits separate good players from the true masters.

Chess is about protecting the most valuable piece on the board – the king. In the same way, traditional strategies in cyber security have revolved around surrounding the most valuable asset with layers of security. This is very much like a chess king surrounded by all the other friendly pieces. Unfortunately, this approach has gradually become less successful with today’s unstructured and abstract game board, consisting of complex networks of mobile devices, Internet of Things solutions and cloud-based services.

As a matter of fact, a new playing style is required when a king can – at any time! – be attacked by a number of malicious pieces. This situation creates a need to see only those details that are of relevance. In this situation, less skillful players will scrutinize the entire current board, concentrating on every single detail. Master players, on the other hand, will know what information requires focus and what can be ignored.

“To the inner eye, a bishop is not a uniquely shaped piece, but rather an oblique force.”
T. Donovan, “It’s All A Game”

The point here is that directing all your pieces towards a long-term goal demands an understanding of the game, not just simple rearrangement. To a master chess player there is no color or shape to a piece, nor does it matter if it is on a white or black square. These details have no impact on winning or losing. What matters is only which squares have pieces and which squares they can be moved to. Anything more than that is just a distraction. The game in itself centers around which strategic position can be gained on the board.

In cyber security, it is equally important to see through the information noise and identify what brings value. Where should time and money be spent to make a system more secure? Just like in chess, the best thing is to form this strategy from a bottom-up perspective:

  • Position your pawn structure as the foundation of your defenses
    This includes traditional products such as firewalls, intrusion prevention/detection systems, and multi-factor based access control.
  • Stay strategic, flexible and proactive with the rest of the pieces
    Use the rest of the pieces and board positions to build a fast moving and adaptable security structure tailored to your organization’s particular needs.

In chess, everyone has the same goal: to capture the opponent’s king. For cyber criminals, the goal is most likely to steal an organization’s sensitive data. Novice players will examine the pieces in front of them and react to the changing structure of the board to prevent an adversary from reaching that goal. A skillful player knows it is all about changing the structure of the board, finding tactics that will improve the setup and considering only the right questions.

“Questions are what matter. Questions, and discovering the right ones, are the key to staying on course.”
G. Kasparov

The right attitude is to take command. Ask “What can be done?” rather than “What is happening?” This clear distinction in mindset is what allows masters to control a situation and purposefully change it to their advantage. Look for those right questions in your current cyber security strategy and setup, and eliminate anything that does not contribute towards the goal. In this way, you will continuously improve the game board in your favor. This will allow for many small adjustments to the strategy while always keeping the long-term goal in mind: checkmate.

The bottom line here is that you should actively seek context in a particular board setup, rather than just looking at the appearance of all the pieces. Also remember to constantly challenge your setup: use internal or external teams to identify weaknesses and areas for improvement. It is only through constant review that continuous improvement can flourish.

In those situations where a king is cornered and no change can take place, Kaikaku, radical change, is called for. When everything else fails, a bold sweeping of the fist through all the chess pieces will allow for a fresh start, one where change can take place.


Niclas Kjellin is a security expert and certified ethical hacker who believes that security emerges from culture and awareness, rather than technology. “Working with people is the beginning of modernizing an industry that in many ways has left the users behind.”

Security needs to be involved in every step of Agile projects

Time pressure, lack of knowledge and a shortage of good tools often jeopardize security thinking in Agile projects. “Intrusions happen daily, many through weaknesses and flaws in software. Together we need to take greater responsibility and change the way we work,” says Niclas Kjellin, security expert at Softhouse.

Few have missed that Agile methods have become more common in development projects. However, many find it difficult to make security thinking part of the daily work. In some cases it is forgotten entirely, which can have unfortunate consequences.

In Agile projects the product grows dynamically, so security needs to keep up with the change. This means it needs to be involved in every step, from sprint planning and backlog review all the way down to the individual line of code. Everyone on the team needs to be engaged, from developers to product owner.

Working with security in an Agile project requires a shared lift in knowledge, not least for the product owner, who needs to understand and prioritize the security needs, says Niclas Kjellin. However, not everyone needs to be a security expert; a little awareness goes a long way.

In many projects, a lot of focus is put on security at two points in the production chain: at the beginning and at the end, before release to production. These efforts are important, but the approach is not cost-effective, and security is often not integrated into the Agile project in a natural way.

Security-related activities need to be introduced and given room during development. It is about awareness, prioritization and risk management. With a few simple changes, it is possible to work actively with security in a project and to catch and fix potential problems early.

Using alternative User Stories focused on security is a good start for getting the team to think about security, says Niclas Kjellin. I myself use a list of predefined Security Stories within common areas to stimulate discussion and awareness.

How to raise security awareness in an Agile project

  • Appoint a Security Champion
    Let someone on the team take responsibility for security issues.
  • Carry out recurring security checks
    This ensures that the security solution evolves in step with the product.
  • Analyze the security of every User Story
    Simple group exercises can be used here to identify the security needs.
  • Use reusable security-related stories
    This is a good way to simplify and stimulate the security work.
  • Keep track of the security debt
    Make the right decisions by making unfinished and unhandled security tasks visible

For a more detailed description, see the article “Top 5 advice to include security in any Agile software project”.


Niclas Kjellin is a security expert at Softhouse, certified ethical hacker and software developer with long experience of digital product development and its processes.

There is a new addition to our Tribe Gathering Family!

In cooperation with the agile evangelists Bosnia Agile, the Softhouse office in Sarajevo has started a new tribe that focuses on good practice in leadership – Leaders’ Tribe!

Leaders’ Tribe is a creative and open forum for leaders of today and tomorrow in Bosnia and Hercegovina, and beyond. The primary focus of this gathering is connecting people of different industries, ages, and experiences, coming together for the sharing of knowledge and ideas within the area of leadership; believing that diversity leads us to the best insights! Leaders’ Tribe Gathering follows the same concept and setup as our other forums: LeanTribe, DevTribe, and BizTribe.

The premiere of Leaders’ Tribe Gathering takes place at the office of Softhouse Balkans on 21st September, and the theme is “How to involve employees in company development.” The gathering will be held in local languages for the local nearness. For more information and how you can register, visit

Neira and Emir are building a tech bridge between Stockholm and Sarajevo

This summer, the Softhouse Balkans team is joined by Neira Čaušević, a computer science student at the Royal Institute of Technology in Stockholm. Taking part in a major project at the company, she will have Emir Mehić as her mentor – one of the most experienced developers in the team.  

“I have always wanted to stay in Sarajevo for a longer period, doing something beneficial both for me and for my surroundings,” says Neira Čaušević – born and raised in Sweden, but with Bosnian roots. With one year left to graduation, Neira is eager to increase her knowledge in fields related to her computer sciences studies, more specifically in web-application development. So when she found out that Softhouse has an office in Sarajevo, she couldn’t wait to create a connection. “I came in contact with them in spring,” she says. “During a stay in Sarajevo I got to visit the office and meet the team. After some time, it stood clear that I would join the team for two months during the summer.”

Contributing to the project team

Before her arrival in Sarajevo, Neira and her mentor Emir Mehić established contact and began the preparations for her summer employment. She started learning about tools and programming languages that are used in web application development, e.g. JavaScript, HTML and CSS. “It was incredibly reassuring to know that there was going to be someone with great knowledge to guide me and provide help if needed,” she says.

Her employment started with an introduction period, consisting of online courses. This facilitated the process of joining one of the projects that the team is currently working on. Continuous follow-up meetings were held to make sure that everything was going according to plan. Quickly after the introduction, Neira got included in activities such as daily scrum meetings, sprint-planning, demos for clients and more. It is valuable for both parties that she has been engaging not only in the technical aspects of the project, but also in the agile principles that are implemented by the Softhouse team. “I think that Neira’s summer employment is something that has benefited both the team at Softhouse and her,” says Emir Mehić. “Through her intensive preparation and pair programming, she has been able to contribute to the project team’s success in no time.”

Combining Bosnian and Swedish potential

After almost two months of work Neira has gotten a full overview of how the project works both in theory and practice. Her on-boarding has included tasks regarding front-end development. One example is adding features to views in the web-application that the team is working on. Another example is developing a new architecture that the team is applying to the project. “I have learned a lot about creating code that is effective, adaptable and testable,” Neira says. “Thanks to my on-boarding and with the help from my colleagues I have also learned to write unit tests and find ways to optimize existing code. That is particularly valuable for me since I’m now ahead in my studies for the last year of my education.”

For Softhouse Balkans it is a natural part of the business to work remotely and include young talents regardless of where they live. “We see that the meeting of different perspectives and experiences enriches our working environment and delivery,” says Vernisa Rejhan, COO of Softhouse Balkans. “As we are part of a Swedish group, it is natural for us to bring out the best of combining Bosnian and Swedish potential; Neira’s work at Softhouse is a token of this mission!”


Interview with Neira on (In Swedish): “Vi blir verkligen guidade från första raden kod

Security often falls behind

Digital transformation brings new opportunities for all parties – unfortunately also for those who deceive, steal and destroy. “The Swedish IT industry needs to become much better at security issues,” says Niclas Kjellin, newly appointed security expert at Softhouse.

Security is an area that often falls behind when we change and digitalize our everyday lives, says Niclas Kjellin. This is problematic because we constantly risk being exposed to different types of cyber attacks, both as companies and as private individuals.

The threats come from many directions – everything from individual hobby hackers, hacktivists and criminal organizations to state-funded cyber armies. The attacks take the form of data kidnapping, theft of sensitive information, overload attacks and pure vandalism.

The most common question I get is “Do we need any security? Our service doesn’t handle any sensitive data”, says Niclas Kjellin. I usually answer that “in the wrong hands, all data is sensitive”. All too often, intrusions lead to unfortunate consequences, such as information leaks, lost revenue and a damaged brand.

Security thinking at the highest level

Through international political cooperation, various measures have been taken to regulate and control the market, including the General Data Protection Regulation (GDPR). For players in the IT industry, this is one more thing to take into account; failing to meet the statutory requirements can lead to large fines. Overall, the IT industry bears a great responsibility for protecting both its own customers and its customers’ customers, that is, the end users of services and products.

An interesting fact is that consumers have generally started to become more aware of the differences in security between products, says Niclas Kjellin. In the long run, this means that the companies that can establish security in their development processes will be more successful than those that become known for their security leaks.

A cultural problem in the IT industry is that security has traditionally been seen as a task for Development and Operations, that is, the development and IT departments.

We have to turn this view upside down, says Niclas Kjellin. Security thinking must be raised to the highest level in the IT industry. It should be one of the pillars we rely on when we design our processes and set up our project methods, and something the project carries with it throughout the whole journey. Sweden has a long history of delivering high-quality digital products and services to a large number of customers and users. But unfortunately we often forget to give enough weight to security issues. We are hardly alone in the world in that, but it is definitely something we need to become much better at.


Niclas Kjellin is a security expert at Softhouse, certified ethical hacker and software developer with long experience of digital product development and its processes.

Softhouse Consulting AB and Karlastaden Utveckling AB launch a mobile application

Softhouse Consulting AB and Karlastaden Utveckling AB are launching a mobile application – to collect data as a basis for the continued development of the smart city district Karlastaden in Gothenburg.

Our collaboration with Karlastaden Utveckling and their investment in Karlastaden has just taken a big step forward in the innovation work. Together we have released the mobile application “Karlastaden” to explore what the market wants from home-related services, focusing on two areas: app-controlled locks and Karlastaden’s car pool. A large share of the digital solutions offered in the app are currently untested in the real estate industry. The app therefore lets the user test different scenarios, rate features and leave their own comments and feedback.

The app is free to download from the App Store and Google Play. Everyone who answers the questions at the end of a scenario via the yellow speech bubble takes part in a draw for two app-controlled locks from the company Glue. This lock turn is installed on an existing lock at home and lets you easily lock and unlock via an app to let in grocery deliveries, the children or the dog sitter. Read more about Glue here:


Joining together the potentials of Bosnia and Sweden leads to extraordinary opportunities

At Softhouse Consulting Bosnien AB, IT professionals who are eager to learn have the chance to work internationally and to exchange knowledge with their colleagues from abroad. Talented and smart young people like Zana Tatar are given challenging assignments to support their professional development.

Zana is a Software Engineer and started her journey with Softhouse Bosnien last October, when she joined the team as the first female IT consultant in the office. In parallel, Zana is finishing her master’s degree at the Faculty of Electrical Engineering in Sarajevo. Zana says that the love for her job combined with the right amount of responsibility is the key to managing both work and studies. In February, just a few months after she started her journey, she got a new assignment which included work on two projects in parallel, new technologies and starting to work with a remote group of mentors and colleagues from Sweden. Both projects develop managerial tools for competence development and resource planning.

In order to get the best possible knowledge transfer and coaching, Zana visited Softhouse in Sweden. Traveling between offices and getting direct advice from professionals is one of the advantages of working at Softhouse. The process of introducing Zana to the new projects was split between two offices: Malmö and Karlskrona. Each of them provided her with tools and mentors: Björn Granvik, Rasmus Letterkrantz, Young Fogelström and John Mogensen.

It was a challenge for me to face the amount of responsibility and many new things: technologies, people, environment, and country. Since I just started working, it was a huge step forward for me, one I did not count on getting as a junior. However, the collaboration with Swedish colleagues and the whole process of taking over new projects went great. I always wanted to visit Sweden and because of the way I was welcomed I want to visit Sweden again, Zana says about her experience.

After the education in Sweden Zana now works as a part of the distributed development team. Her workdays include the agile essentials such as daily meetings via Skype, demo presentation after two-week sprints and constant guidance from her mentors.

The process of sharing knowledge and experience is keeping up – now Zana introduces new colleagues to the project, practicing her leadership skills along the way, Björn Granvik shares during a meeting.

A new colleague, Orhan Ljubunčić, joined the projects recently and is using his outstanding potential to contribute to the projects.

As a student and a newcomer to the professional business and IT world, I didn’t know what to expect from working in Softhouse. What I got is far more than I hoped for – professional and friendly environment, working on interesting and challenging projects and sharing knowledge with ambitious young people. The projects I am currently working on, Kush and Stardust, contain various aspects that are crucial to IT industry such as popular technologies, agile ways of working and constant verbal and spoken communication with other team members. These things give me numerous ways to develop myself both professionally and as a person in an interesting and fun way, Orhan shares his impressions.

The collaboration of these two young professionals brings value to the company’s delivery every day. But their journey doesn’t stop here: Zana and Orhan are constantly looking for new challenges, which we will continue to share with you.

Premiere of Turn the costs around in Stockholm

Do you feel that software development at your company takes too long? Do you wonder why lead times and costs run away from your calculated plans? Have your employees and colleagues lost their motivation? Turn the costs around – while keeping control of your software development is an eye-opener for those who want to regain motivation, inspire colleagues and lower costs.

The course, which premieres in Stockholm on 26 September 2017, addresses all of the questions above. With a clear purpose, to create better understanding and to look towards practical solutions that suit you and your organization, great emphasis is placed on visualizing typical pitfalls.

To gain insight into the root causes that create the problems, a helicopter perspective is needed so that the whole system can be analyzed. That is how we make the pitfalls visible during the course, says Peter Horvath, Agile coach and trainer.

The course focuses on the aspects of lead time, cost and value creation, where theory mixed with discussions and practical exercises forms the basis for a detailed analysis of two concrete cases.

As a course participant, you come along on an exciting journey where we present two companies facing the same challenge. Through interaction, dialogue, visualization and exercises, we gain more and more clarity about the differences in how the two companies take on the challenge. We will dig deep into what it really is that makes things go much more smoothly for one of the companies, says Jeanette Jealmo, Agile coach and trainer.

For more information about the course, visit:

Turn the costs around

Master Continuous Delivery like a pro

Albert Rigo, seasoned consultant in the software business, combined his professional passion (Agile way-of-working) with his private hobby (board games). The result was Continuous Delivery – the game.


“I have always thought that gamification is a great way to teach things,” says Albert Rigo. “Playing games gets different parts of the brain working and makes it easier to remember things. I have also made a few games previously that I’ve played with the children at home. That’s why a colleague – Christian Pendleton – and I came up with the idea that a game that can teach Continuous Delivery (CD) was a good idea.”

Albert Rigo, M.Sc., has been working in the software industry for fifteen years – everything from developer and software architect to team leader and Configuration Manager. He thinks that CD is interesting because it brings in agile thinking in software processes, since the values described by The Agile Manifesto are exactly what CD implements.

“I have always thought that automation is the key to effectivity; when you’re working with your computer, it’s the computer that should do all the boring, repetitive work. So CD is simply a modern way of working,” says Albert Rigo. “But most important of all is that the people who actually make the change, i.e. the developers, have the opportunity to take responsibility for their change right the way through to the end user, and – hopefully – get feedback from him.”

Albert Rigo thought the most enjoyable part of making the game was designing the ’Events’ cards – cards that represent reality’s impact on software development.

“These unexpected events can be anything from ‘lack of time’ to ‘old test cases’,” he says. “These cards were fun to invent, and I had help from a number of colleagues.”

Albert Rigo hopes that The Agile Community can benefit from the game. He believes that it will be used mainly for training purposes to give an overview of the terms used in a CD-based delivery pipeline.

“But in fact the game is for everyone – not just for developers or project managers. It raises awareness of what CD stands for and what its benefits are. It can also be used as a team-building game.”

Continuous Delivery – the game is released by Softhouse and available for purchase.

Softhouse in Sarajevo expands – together we grow

Vernisa Rejhan, COO of Softhouse Office in Sarajevo has shared her professional story for Ladies In, the magazine for professional women in business in Bosnia and Hercegovina.

Having lived in Sweden for the past 25 years, Vernisa decided this year to move to Sarajevo to further develop her leadership skills and to contribute to Softhouse’s expansion and the growth of young IT professionals in Bosnia and Hercegovina. As a Bosnian-Swede, Vernisa holds the two countries close to her heart and has for the past 10 years worked on building bridges between them.

The position in Softhouse, along with Softhouse values and the cooperation with a great team of IT developers and the CEO Himzo Musić, have given her a professional playground that she has missed until now, combining the best of Sweden and Bosnia – Vernisa expresses.


For more information please contact: 
Vernisa Rejhan at 0038765064289 or send an email.