<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>XONO Insights</title>
    <link>https://xono.ai/blog/</link>
    <atom:link href="https://xono.ai/blog/feed.xml" rel="self" type="application/rss+xml" />
    <description>Practical, no-nonsense guides on cybersecurity for growing businesses — SOC 2, ISO 27001, NIS2, DORA, vCISO, penetration testing, secure SDLC, and cloud security.</description>
    <language>en</language>
    <lastBuildDate>Sat, 23 May 2026 09:00:00 GMT</lastBuildDate>

    <item>
      <title>Cloud security in 2026: the controls that actually move the needle on AWS, Azure, and GCP</title>
      <link>https://xono.ai/blog/cloud-security-aws-azure-gcp/</link>
      <guid>https://xono.ai/blog/cloud-security-aws-azure-gcp/</guid>
      <pubDate>Sat, 23 May 2026 09:00:00 GMT</pubDate>
      <description>IAM, networking, KMS, Kubernetes, IaC review. The configuration mistakes we see most often and what real defence-in-depth looks like.</description>
      <category>Cloud Security</category>
    </item>

    <item>
      <title>Penetration testing, demystified: scoping, budgeting, and getting real value</title>
      <link>https://xono.ai/blog/penetration-testing-explained/</link>
      <guid>https://xono.ai/blog/penetration-testing-explained/</guid>
      <pubDate>Sat, 23 May 2026 09:00:00 GMT</pubDate>
      <description>Black-box, grey-box, white-box. Web app, network, cloud, red team. A practical guide to scoping a pen test that delivers actionable findings.</description>
      <category>Penetration Testing</category>
    </item>

    <item>
      <title>Shifting security left without slowing engineers down</title>
      <link>https://xono.ai/blog/secure-sdlc-shifting-left/</link>
      <guid>https://xono.ai/blog/secure-sdlc-shifting-left/</guid>
      <pubDate>Sat, 23 May 2026 09:00:00 GMT</pubDate>
      <description>How to bake threat modelling, SAST, SCA, secret scanning, DAST, and SBOM hygiene into your pipeline without becoming the team everyone routes around.</description>
      <category>Secure SDLC</category>
    </item>

    <item>
      <title>What a virtual CISO actually does (and when you really need one)</title>
      <link>https://xono.ai/blog/what-is-a-vciso/</link>
      <guid>https://xono.ai/blog/what-is-a-vciso/</guid>
      <pubDate>Sat, 23 May 2026 09:00:00 GMT</pubDate>
      <description>The roles, rhythms, deliverables, and honest signals that tell you whether your organisation is ready for fractional executive security leadership.</description>
      <category>vCISO</category>
    </item>

    <item>
      <title>SOC 2 vs ISO 27001 vs SMB1001: which framework do you actually need?</title>
      <link>https://xono.ai/blog/soc2-iso-27001-readiness/</link>
      <guid>https://xono.ai/blog/soc2-iso-27001-readiness/</guid>
      <pubDate>Sat, 23 May 2026 09:00:00 GMT</pubDate>
      <description>How to pick a framework, when to combine them, realistic timelines and costs, and what auditors actually look for.</description>
      <category>Compliance</category>
    </item>

    <item>
      <title>Cybersecurity foundations every growing business actually needs</title>
      <link>https://xono.ai/blog/security-essentials-foundations/</link>
      <guid>https://xono.ai/blog/security-essentials-foundations/</guid>
      <pubDate>Sat, 23 May 2026 09:00:00 GMT</pubDate>
      <description>A no-nonsense baseline for organisations formalising security for the first time — what to implement, in what order, and what to defer.</description>
      <category>Security Essentials</category>
    </item>

  </channel>
</rss>
