<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://professorkailondon.com/photos.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/photos/professor-kai-london-ciso-cybersecurity-ai-expert.png</image:loc>
      <image:title>Professor Kai London — CISO, Cybersecurity, AI and Quantum Computing Expert</image:title>
      <image:caption>Professor Kai London, senior Chief Information Security Officer (CISO), board advisor and Honorary Professor in Cybersecurity, AI and Quantum Computing.</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/photos/professor-kai-london-board-advisor-interim-ciso.png</image:loc>
      <image:title>Professor Kai London — Board Advisor, NED and Interim / Fractional CISO, CIO, CTO</image:title>
      <image:caption>Professor Kai London, board advisor and interim/fractional CISO, CIO and CTO for regulated, mission-critical sectors.</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/photos/professor-kai-london-quantum-ai-security-founder.png</image:loc>
      <image:title>Professor Kai London — Founder &amp; CEO, Quantum AI Systems Security</image:title>
      <image:caption>Professor Kai London, Founder and CEO of Quantum AI Systems Security and UCL researcher in cybersecurity, AI and quantum computing.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-001.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-001-trust-breaks-before-systems-do.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 001: Trust breaks before systems do</image:title>
      <image:caption>Professor Kai London cybersecurity principle 1: &quot;Trust breaks before systems do.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-002.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-002-if-it-cannot-be-evidenced-it-cannot-be-defended.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 002: If it cannot be evidenced, it cannot be defended</image:title>
      <image:caption>Professor Kai London cybersecurity principle 2: &quot;If it cannot be evidenced, it cannot be defended.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-003.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-003-map-the-fault-hold-the-line-prove-it-held.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 003: Map the fault. Hold the line. Prove it held</image:title>
      <image:caption>Professor Kai London cybersecurity principle 3: &quot;Map the fault. Hold the line. Prove it held.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-004.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-004-the-breach-is-no-longer-the-loss-the-business-is.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 004: The breach is no longer the loss. The business is</image:title>
      <image:caption>Professor Kai London cybersecurity principle 4: &quot;The breach is no longer the loss. The business is.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-005.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-005-risk-has-moved-from-the-server-room-to-the-balance-sheet.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 005: Risk has moved from the server room to the balance sheet</image:title>
      <image:caption>Professor Kai London cybersecurity principle 5: &quot;Risk has moved from the server room to the balance sheet.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-006.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-006-you-cannot-govern-a-machinespeed-adversary-with-a-quarterly-.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 006: You cannot govern a machine-speed adversary with a quarterly committee</image:title>
      <image:caption>Professor Kai London cybersecurity principle 6: &quot;You cannot govern a machine-speed adversary with a quarterly committee.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-007.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-007-a-certification-is-a-vocabulary-not-a-victory.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 007: A certification is a vocabulary, not a victory</image:title>
      <image:caption>Professor Kai London cybersecurity principle 7: &quot;A certification is a vocabulary, not a victory.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-008.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-008-compliance-theatre-ends-the-moment-evidence-is-requested.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 008: Compliance theatre ends the moment evidence is requested</image:title>
      <image:caption>Professor Kai London cybersecurity principle 8: &quot;Compliance theatre ends the moment evidence is requested.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-009.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-009-the-most-dangerous-trust-is-the-trust-nobody-remembers-grant.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 009: The most dangerous trust is the trust nobody remembers granting</image:title>
      <image:caption>Professor Kai London cybersecurity principle 9: &quot;The most dangerous trust is the trust nobody remembers granting.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-010.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-010-thirdparty-exposure-is-the-new-breach-surface.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 010: Third-party exposure is the new breach surface</image:title>
      <image:caption>Professor Kai London cybersecurity principle 10: &quot;Third-party exposure is the new breach surface.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-011.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-011-they-did-not-break-in-they-moved-through-what-you-trusted.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 011: They did not break in — they moved through what you trusted</image:title>
      <image:caption>Professor Kai London cybersecurity principle 11: &quot;They did not break in — they moved through what you trusted.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-012.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-012-the-fault-line-is-rarely-the-firewall-often-it-is-the-passwo.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 012: The fault line is rarely the firewall — often it is the password reset</image:title>
      <image:caption>Professor Kai London cybersecurity principle 12: &quot;The fault line is rarely the firewall — often it is the password reset.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-013.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-013-business-impact-is-the-language-of-power.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 013: Business impact is the language of power</image:title>
      <image:caption>Professor Kai London cybersecurity principle 13: &quot;Business impact is the language of power.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-014.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-014-boards-decide-in-money-quantify-or-be-ignored.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 014: Boards decide in money — quantify, or be ignored</image:title>
      <image:caption>Professor Kai London cybersecurity principle 14: &quot;Boards decide in money — quantify, or be ignored.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-015.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-015-a-risk-rating-you-cannot-define-is-a-risk-rating-you-cannot-.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 015: A risk rating you cannot define is a risk rating you cannot defend</image:title>
      <image:caption>Professor Kai London cybersecurity principle 15: &quot;A risk rating you cannot define is a risk rating you cannot defend.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-016.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-016-untested-continuity-plans-are-hypotheses-not-capabilities.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 016: Untested continuity plans are hypotheses, not capabilities</image:title>
      <image:caption>Professor Kai London cybersecurity principle 16: &quot;Untested continuity plans are hypotheses, not capabilities.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-017.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-017-a-backup-is-not-recovery-until-the-business-is-restored.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 017: A backup is not recovery until the business is restored</image:title>
      <image:caption>Professor Kai London cybersecurity principle 17: &quot;A backup is not recovery until the business is restored.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-018.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-018-the-vendor-with-better-evidence-wins.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 018: The vendor with better evidence wins</image:title>
      <image:caption>Professor Kai London cybersecurity principle 18: &quot;The vendor with better evidence wins.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-019.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-019-superior-cyber-maturity-is-a-competitive-advantage.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 019: Superior cyber maturity is a competitive advantage</image:title>
      <image:caption>Professor Kai London cybersecurity principle 19: &quot;Superior cyber maturity is a competitive advantage.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-020.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-020-demonstrated-beats-asserted-every-time.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 020: Demonstrated beats asserted — every time</image:title>
      <image:caption>Professor Kai London cybersecurity principle 20: &quot;Demonstrated beats asserted — every time.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-021.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-021-governance-comes-before-controls.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 021: Governance comes before controls</image:title>
      <image:caption>Professor Kai London cybersecurity principle 21: &quot;Governance comes before controls.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-022.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-022-every-control-needs-a-principle-every-principle-needs-a-cont.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 022: Every control needs a principle; every principle needs a control</image:title>
      <image:caption>Professor Kai London cybersecurity principle 22: &quot;Every control needs a principle; every principle needs a control.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-023.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-023-controls-fail-silently-unless-silence-is-monitored.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 023: Controls fail silently unless silence is monitored</image:title>
      <image:caption>Professor Kai London cybersecurity principle 23: &quot;Controls fail silently unless silence is monitored.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-024.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-024-prevention-fails-detection-decides-what-happens-next.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 024: Prevention fails. Detection decides what happens next</image:title>
      <image:caption>Professor Kai London cybersecurity principle 24: &quot;Prevention fails. Detection decides what happens next.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-025.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-025-a-control-that-has-not-been-pressuretested-is-still-only-a-h.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 025: A control that has not been pressure-tested is still only a hope</image:title>
      <image:caption>Professor Kai London cybersecurity principle 25: &quot;A control that has not been pressure-tested is still only a hope.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-026.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-026-blast-radius-is-a-business-decision.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 026: Blast radius is a business decision</image:title>
      <image:caption>Professor Kai London cybersecurity principle 26: &quot;Blast radius is a business decision.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-027.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-027-concentration-risk-hides-inside-convenience.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 027: Concentration risk hides inside convenience</image:title>
      <image:caption>Professor Kai London cybersecurity principle 27: &quot;Concentration risk hides inside convenience.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-028.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-028-risk-acceptance-is-a-decision-not-a-disappearing-act.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 028: Risk acceptance is a decision, not a disappearing act</image:title>
      <image:caption>Professor Kai London cybersecurity principle 28: &quot;Risk acceptance is a decision, not a disappearing act.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-029.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-029-ai-risk-is-now-enterprise-risk.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 029: AI risk is now enterprise risk</image:title>
      <image:caption>Professor Kai London cybersecurity principle 29: &quot;AI risk is now enterprise risk.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-030.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-030-a-confident-wrong-answer-is-still-a-control-failure.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 030: A confident wrong answer is still a control failure</image:title>
      <image:caption>Professor Kai London cybersecurity principle 30: &quot;A confident wrong answer is still a control failure.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-031.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-031-privacy-bolted-on-late-is-risk-priced-at-a-premium.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 031: Privacy bolted on late is risk priced at a premium</image:title>
      <image:caption>Professor Kai London cybersecurity principle 31: &quot;Privacy bolted on late is risk priced at a premium.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-032.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-032-accountability-is-now-named-timed-and-evidenced.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 032: Accountability is now named, timed and evidenced</image:title>
      <image:caption>Professor Kai London cybersecurity principle 32: &quot;Accountability is now named, timed and evidenced.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-033.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-033-late-notification-turns-an-incident-into-a-governance-failur.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 033: Late notification turns an incident into a governance failure</image:title>
      <image:caption>Professor Kai London cybersecurity principle 33: &quot;Late notification turns an incident into a governance failure.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-034.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-034-direction-matters-more-than-snapshot-maturity.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 034: Direction matters more than snapshot maturity</image:title>
      <image:caption>Professor Kai London cybersecurity principle 34: &quot;Direction matters more than snapshot maturity.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-035.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-035-measure-the-risk-the-control-and-the-outcome-separately.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 035: Measure the risk, the control and the outcome separately</image:title>
      <image:caption>Professor Kai London cybersecurity principle 35: &quot;Measure the risk, the control and the outcome separately.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-036.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-036-a-dashboard-that-triggers-no-decision-is-theatre.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 036: A dashboard that triggers no decision is theatre</image:title>
      <image:caption>Professor Kai London cybersecurity principle 36: &quot;A dashboard that triggers no decision is theatre.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-037.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-037-three-lines-of-defence-means-three-different-jobs.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 037: Three lines of defence means three different jobs</image:title>
      <image:caption>Professor Kai London cybersecurity principle 37: &quot;Three lines of defence means three different jobs.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-038.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-038-test-controls-do-not-admire-them.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 038: Test controls — do not admire them</image:title>
      <image:caption>Professor Kai London cybersecurity principle 38: &quot;Test controls — do not admire them.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-039.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-039-start-with-the-business-process-not-the-technology-stack.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 039: Start with the business process, not the technology stack</image:title>
      <image:caption>Professor Kai London cybersecurity principle 39: &quot;Start with the business process, not the technology stack.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-040.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-040-proportionality-is-the-discipline-of-serious-security.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 040: Proportionality is the discipline of serious security</image:title>
      <image:caption>Professor Kai London cybersecurity principle 40: &quot;Proportionality is the discipline of serious security.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-041.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-041-inherent-risk-shows-whether-controls-are-earning-their-place.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 041: Inherent risk shows whether controls are earning their place</image:title>
      <image:caption>Professor Kai London cybersecurity principle 41: &quot;Inherent risk shows whether controls are earning their place.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-042.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-042-trust-damage-rarely-follows-technical-severity.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 042: Trust damage rarely follows technical severity</image:title>
      <image:caption>Professor Kai London cybersecurity principle 42: &quot;Trust damage rarely follows technical severity.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-043.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-043-trust-earned-in-calm-is-the-capital-spent-in-crisis.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 043: Trust earned in calm is the capital spent in crisis</image:title>
      <image:caption>Professor Kai London cybersecurity principle 43: &quot;Trust earned in calm is the capital spent in crisis.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-044.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-044-the-containment-path-must-be-rehearsed-before-the-breach.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 044: The containment path must be rehearsed before the breach</image:title>
      <image:caption>Professor Kai London cybersecurity principle 44: &quot;The containment path must be rehearsed before the breach.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-045.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-045-structured-escalation-beats-silence-and-panic.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 045: Structured escalation beats silence and panic</image:title>
      <image:caption>Professor Kai London cybersecurity principle 45: &quot;Structured escalation beats silence and panic.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-046.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-046-win-avoid-prove-most-organisations-fail-the-third.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 046: Win, avoid, prove — most organisations fail the third</image:title>
      <image:caption>Professor Kai London cybersecurity principle 46: &quot;Win, avoid, prove — most organisations fail the third.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-047.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-047-the-morning-after-the-breach-is-the-only-honest-test.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 047: The morning after the breach is the only honest test</image:title>
      <image:caption>Professor Kai London cybersecurity principle 47: &quot;The morning after the breach is the only honest test.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-048.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-048-a-binder-on-a-shelf-is-not-a-security-programme.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 048: A binder on a shelf is not a security programme</image:title>
      <image:caption>Professor Kai London cybersecurity principle 48: &quot;A binder on a shelf is not a security programme.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-049.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-049-the-right-action-at-the-right-time-by-the-right-owner-with-e.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 049: The right action, at the right time, by the right owner — with evidence</image:title>
      <image:caption>Professor Kai London cybersecurity principle 49: &quot;The right action, at the right time, by the right owner — with evidence.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-050.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-050-governance-was-never-about-controls-it-was-about-the-trust-t.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 050: Governance was never about controls — it was about the trust they protect</image:title>
      <image:caption>Professor Kai London cybersecurity principle 50: &quot;Governance was never about controls — it was about the trust they protect.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-051.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-051-zero-trust-is-not-a-product-it-is-a-refusal-to-believe-witho.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 051: Zero Trust is not a product — it is a refusal to believe without proof</image:title>
      <image:caption>Professor Kai London cybersecurity principle 51: &quot;Zero Trust is not a product — it is a refusal to believe without proof.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-052.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-052-sase-is-not-remote-access-it-is-business-access-under-contin.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 052: SASE is not remote access — it is business access under continuous judgement</image:title>
      <image:caption>Professor Kai London cybersecurity principle 52: &quot;SASE is not remote access — it is business access under continuous judgement.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-053.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-053-xdr-is-not-more-alerts-it-is-decision-compression.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 053: XDR is not more alerts — it is decision compression</image:title>
      <image:caption>Professor Kai London cybersecurity principle 53: &quot;XDR is not more alerts — it is decision compression.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-054.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-054-identity-is-the-new-root-system-of-the-enterprise.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 054: Identity is the new root system of the enterprise</image:title>
      <image:caption>Professor Kai London cybersecurity principle 54: &quot;Identity is the new root system of the enterprise.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-055.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-055-every-privileged-account-is-a-loaded-weapon-with-a-username.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 055: Every privileged account is a loaded weapon with a username</image:title>
      <image:caption>Professor Kai London cybersecurity principle 55: &quot;Every privileged account is a loaded weapon with a username.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-056.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-056-the-perimeter-did-not-disappear-it-multiplied.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 056: The perimeter did not disappear — it multiplied</image:title>
      <image:caption>Professor Kai London cybersecurity principle 56: &quot;The perimeter did not disappear — it multiplied.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-057.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-057-a-firewall-rule-is-not-a-strategy.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 057: A firewall rule is not a strategy</image:title>
      <image:caption>Professor Kai London cybersecurity principle 57: &quot;A firewall rule is not a strategy.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-058.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-058-visibility-without-enforcement-is-observation-not-defence.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 058: Visibility without enforcement is observation, not defence</image:title>
      <image:caption>Professor Kai London cybersecurity principle 58: &quot;Visibility without enforcement is observation, not defence.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-059.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-059-the-attacker-needs-one-path-the-defender-must-know-which-pat.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 059: The attacker needs one path; the defender must know which paths matter</image:title>
      <image:caption>Professor Kai London cybersecurity principle 59: &quot;The attacker needs one path; the defender must know which paths matter.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-060.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-060-every-unmanaged-exception-is-a-future-incident-with-approval.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 060: Every unmanaged exception is a future incident with approval history</image:title>
      <image:caption>Professor Kai London cybersecurity principle 60: &quot;Every unmanaged exception is a future incident with approval history.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-061.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-061-security-debt-compounds-faster-than-technical-debt.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 061: Security debt compounds faster than technical debt</image:title>
      <image:caption>Professor Kai London cybersecurity principle 61: &quot;Security debt compounds faster than technical debt.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-062.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-062-the-most-dangerous-access-is-access-that-became-normal.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 062: The most dangerous access is access that became normal</image:title>
      <image:caption>Professor Kai London cybersecurity principle 62: &quot;The most dangerous access is access that became normal.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-063.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-063-a-policy-without-enforcement-is-corporate-poetry.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 063: A policy without enforcement is corporate poetry</image:title>
      <image:caption>Professor Kai London cybersecurity principle 63: &quot;A policy without enforcement is corporate poetry.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-064.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-064-a-control-without-an-owner-is-already-failing.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 064: A control without an owner is already failing</image:title>
      <image:caption>Professor Kai London cybersecurity principle 64: &quot;A control without an owner is already failing.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-065.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-065-threat-intelligence-is-only-valuable-when-it-changes-a-decis.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 065: Threat intelligence is only valuable when it changes a decision</image:title>
      <image:caption>Professor Kai London cybersecurity principle 65: &quot;Threat intelligence is only valuable when it changes a decision.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-066.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-066-the-board-does-not-need-more-alerts-it-needs-fewer-surprises.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 066: The board does not need more alerts — it needs fewer surprises</image:title>
      <image:caption>Professor Kai London cybersecurity principle 66: &quot;The board does not need more alerts — it needs fewer surprises.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-067.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-067-cybersecurity-is-no-longer-a-cost-centre-it-is-a-trust-engin.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 067: Cybersecurity is no longer a cost centre — it is a trust engine</image:title>
      <image:caption>Professor Kai London cybersecurity principle 67: &quot;Cybersecurity is no longer a cost centre — it is a trust engine.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-068.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-068-security-architecture-is-where-strategy-becomes-enforceable.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 068: Security architecture is where strategy becomes enforceable</image:title>
      <image:caption>Professor Kai London cybersecurity principle 68: &quot;Security architecture is where strategy becomes enforceable.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-069.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-069-the-cloud-did-not-remove-risk-it-made-weak-governance-scalab.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 069: The cloud did not remove risk — it made weak governance scalable</image:title>
      <image:caption>Professor Kai London cybersecurity principle 69: &quot;The cloud did not remove risk — it made weak governance scalable.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-070.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-070-hybrid-work-did-not-weaken-security-poor-access-design-did.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 070: Hybrid work did not weaken security — poor access design did</image:title>
      <image:caption>Professor Kai London cybersecurity principle 70: &quot;Hybrid work did not weaken security — poor access design did.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-071.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-071-the-helpdesk-is-now-part-of-the-attack-surface.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 071: The helpdesk is now part of the attack surface</image:title>
      <image:caption>Professor Kai London cybersecurity principle 71: &quot;The helpdesk is now part of the attack surface.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-072.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-072-an-api-is-a-door-treat-it-like-one.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 072: An API is a door — treat it like one</image:title>
      <image:caption>Professor Kai London cybersecurity principle 72: &quot;An API is a door — treat it like one.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-073.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-073-data-does-not-leak-only-through-breaches-it-leaks-through-ba.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 073: Data does not leak only through breaches — it leaks through bad design</image:title>
      <image:caption>Professor Kai London cybersecurity principle 73: &quot;Data does not leak only through breaches — it leaks through bad design.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-074.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-074-shadow-ai-is-shadow-it-with-executive-liability.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 074: Shadow AI is shadow IT with executive liability</image:title>
      <image:caption>Professor Kai London cybersecurity principle 74: &quot;Shadow AI is shadow IT with executive liability.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-075.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-075-the-answer-may-be-artificial-but-the-liability-is-real.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 075: The answer may be artificial, but the liability is real</image:title>
      <image:caption>Professor Kai London cybersecurity principle 75: &quot;The answer may be artificial, but the liability is real.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-076.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-076-cyber-insurance-does-not-replace-cyber-discipline.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 076: Cyber insurance does not replace cyber discipline</image:title>
      <image:caption>Professor Kai London cybersecurity principle 76: &quot;Cyber insurance does not replace cyber discipline.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-077.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-077-a-supplier-questionnaire-is-not-supplychain-security.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 077: A supplier questionnaire is not supply-chain security</image:title>
      <image:caption>Professor Kai London cybersecurity principle 77: &quot;A supplier questionnaire is not supply-chain security.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-078.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-078-a-green-dashboard-can-still-hide-a-red-business-risk.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 078: A green dashboard can still hide a red business risk</image:title>
      <image:caption>Professor Kai London cybersecurity principle 78: &quot;A green dashboard can still hide a red business risk.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-079.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-079-control-maturity-without-business-context-is-expensive-decor.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 079: Control maturity without business context is expensive decoration</image:title>
      <image:caption>Professor Kai London cybersecurity principle 79: &quot;Control maturity without business context is expensive decoration.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-080.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-080-the-best-cisos-reduce-ambiguity-before-they-reduce-risk.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 080: The best CISOs reduce ambiguity before they reduce risk</image:title>
      <image:caption>Professor Kai London cybersecurity principle 80: &quot;The best CISOs reduce ambiguity before they reduce risk.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-081.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-081-cyber-leadership-is-making-risk-visible-before-it-becomes-ob.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 081: Cyber leadership is making risk visible before it becomes obvious</image:title>
      <image:caption>Professor Kai London cybersecurity principle 81: &quot;Cyber leadership is making risk visible before it becomes obvious.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-082.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-082-security-culture-shows-itself-when-policy-is-inconvenient.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 082: Security culture shows itself when policy is inconvenient</image:title>
      <image:caption>Professor Kai London cybersecurity principle 82: &quot;Security culture shows itself when policy is inconvenient.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-083.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-083-the-breach-report-is-written-long-before-the-breach.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 083: The breach report is written long before the breach</image:title>
      <image:caption>Professor Kai London cybersecurity principle 83: &quot;The breach report is written long before the breach.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-084.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-084-forensics-begin-before-the-incident.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 084: Forensics begin before the incident</image:title>
      <image:caption>Professor Kai London cybersecurity principle 84: &quot;Forensics begin before the incident.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-085.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-085-the-attacker-does-not-care-who-owns-the-system.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 085: The attacker does not care who owns the system</image:title>
      <image:caption>Professor Kai London cybersecurity principle 85: &quot;The attacker does not care who owns the system.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-086.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-086-cyber-resilience-is-a-team-sport-with-named-players.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 086: Cyber resilience is a team sport with named players</image:title>
      <image:caption>Professor Kai London cybersecurity principle 86: &quot;Cyber resilience is a team sport with named players.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-087.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-087-the-faster-you-contain-the-less-you-explain.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 087: The faster you contain, the less you explain</image:title>
      <image:caption>Professor Kai London cybersecurity principle 87: &quot;The faster you contain, the less you explain.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-088.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-088-a-crisis-does-not-create-weakness-it-reveals-it.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 088: A crisis does not create weakness — it reveals it</image:title>
      <image:caption>Professor Kai London cybersecurity principle 88: &quot;A crisis does not create weakness — it reveals it.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-089.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-089-every-merger-imports-trust-every-integration-imports-risk.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 089: Every merger imports trust; every integration imports risk</image:title>
      <image:caption>Professor Kai London cybersecurity principle 89: &quot;Every merger imports trust; every integration imports risk.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-090.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-090-the-fastest-route-to-breach-is-often-the-route-approved-for-.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 090: The fastest route to breach is often the route approved for convenience</image:title>
      <image:caption>Professor Kai London cybersecurity principle 90: &quot;The fastest route to breach is often the route approved for convenience.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-091.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-091-a-secure-design-that-cannot-be-operated-is-not-secure.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 091: A secure design that cannot be operated is not secure</image:title>
      <image:caption>Professor Kai London cybersecurity principle 91: &quot;A secure design that cannot be operated is not secure.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-092.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-092-security-transformation-fails-when-evidence-is-designed-last.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 092: Security transformation fails when evidence is designed last</image:title>
      <image:caption>Professor Kai London cybersecurity principle 92: &quot;Security transformation fails when evidence is designed last.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-093.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-093-the-audit-should-not-be-the-first-time-a-control-is-tested.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 093: The audit should not be the first time a control is tested</image:title>
      <image:caption>Professor Kai London cybersecurity principle 93: &quot;The audit should not be the first time a control is tested.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-094.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-094-continuous-access-requires-continuous-assurance.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 094: Continuous access requires continuous assurance</image:title>
      <image:caption>Professor Kai London cybersecurity principle 94: &quot;Continuous access requires continuous assurance.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-095.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-095-a-control-that-cannot-fail-safely-can-fail-catastrophically.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 095: A control that cannot fail safely can fail catastrophically</image:title>
      <image:caption>Professor Kai London cybersecurity principle 95: &quot;A control that cannot fail safely can fail catastrophically.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-096.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-096-cyber-risk-is-not-reduced-by-noise-it-is-reduced-by-decision.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 096: Cyber risk is not reduced by noise — it is reduced by decisions</image:title>
      <image:caption>Professor Kai London cybersecurity principle 96: &quot;Cyber risk is not reduced by noise — it is reduced by decisions.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-097.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-097-trust-is-not-a-statement-it-is-an-operating-condition.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 097: Trust is not a statement — it is an operating condition</image:title>
      <image:caption>Professor Kai London cybersecurity principle 97: &quot;Trust is not a statement — it is an operating condition.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-098.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-098-the-elite-cyber-professional-protects-the-packet-the-policy-.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 098: The elite cyber professional protects the packet, the policy and the profit</image:title>
      <image:caption>Professor Kai London cybersecurity principle 98: &quot;The elite cyber professional protects the packet, the policy and the profit.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-099.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-099-do-not-sell-security-sell-confidence-under-scrutiny.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 099: Do not sell security — sell confidence under scrutiny</image:title>
      <image:caption>Professor Kai London cybersecurity principle 99: &quot;Do not sell security — sell confidence under scrutiny.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-100.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-100-professor-kai-london-prove-trust-before-pressure-exposes-the.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 100: Professor Kai London: prove trust before pressure exposes the fault</image:title>
      <image:caption>Professor Kai London cybersecurity principle 100: &quot;Professor Kai London: prove trust before pressure exposes the fault.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-101.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-101-security-is-a-promise-you-must-be-able-to-keep-on-your-worst.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 101: Security is a promise you must be able to keep on your worst day</image:title>
      <image:caption>Professor Kai London cybersecurity principle 101: &quot;Security is a promise you must be able to keep on your worst day.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-102.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-102-anticipate-the-breach-engineer-the-containment-evidence-the-.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 102: Anticipate the breach. Engineer the containment. Evidence the trust</image:title>
      <image:caption>Professor Kai London cybersecurity principle 102: &quot;Anticipate the breach. Engineer the containment. Evidence the trust.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-103.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-103-verification-is-cheaper-than-regret.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 103: Verification is cheaper than regret</image:title>
      <image:caption>Professor Kai London cybersecurity principle 103: &quot;Verification is cheaper than regret.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-104.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-104-assume-compromise-then-design-like-it-already-happened.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 104: Assume compromise, then design like it already happened</image:title>
      <image:caption>Professor Kai London cybersecurity principle 104: &quot;Assume compromise, then design like it already happened.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-105.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-105-the-best-incident-is-the-one-your-design-made-boring.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 105: The best incident is the one your design made boring</image:title>
      <image:caption>Professor Kai London cybersecurity principle 105: &quot;The best incident is the one your design made boring.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-106.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-106-trust-is-a-budget-spend-it-deliberately-never-by-default.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 106: Trust is a budget — spend it deliberately, never by default</image:title>
      <image:caption>Professor Kai London cybersecurity principle 106: &quot;Trust is a budget — spend it deliberately, never by default.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-107.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-107-you-dont-rise-to-the-threat-you-fall-to-your-weakest-rehears.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 107: You don&#x27;t rise to the threat; you fall to your weakest rehearsal</image:title>
      <image:caption>Professor Kai London cybersecurity principle 107: &quot;You don&#x27;t rise to the threat; you fall to your weakest rehearsal.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-108.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-108-an-unverified-login-is-a-stranger-you-handed-the-keys-to.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 108: An unverified login is a stranger you handed the keys to</image:title>
      <image:caption>Professor Kai London cybersecurity principle 108: &quot;An unverified login is a stranger you handed the keys to.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-109.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-109-security-that-slows-the-business-will-be-switched-off-in-the.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 109: Security that slows the business will be switched off in the dark</image:title>
      <image:caption>Professor Kai London cybersecurity principle 109: &quot;Security that slows the business will be switched off in the dark.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-110.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-110-the-cloud-rents-you-speed-and-lends-you-blind-spots.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 110: The cloud rents you speed and lends you blind spots</image:title>
      <image:caption>Professor Kai London cybersecurity principle 110: &quot;The cloud rents you speed and lends you blind spots.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-111.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-111-a-privilege-nobody-reviews-becomes-a-liability-nobody-owns.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 111: A privilege nobody reviews becomes a liability nobody owns</image:title>
      <image:caption>Professor Kai London cybersecurity principle 111: &quot;A privilege nobody reviews becomes a liability nobody owns.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-112.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-112-detection-you-never-tested-is-a-smoke-alarm-with-no-battery.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 112: Detection you never tested is a smoke alarm with no battery</image:title>
      <image:caption>Professor Kai London cybersecurity principle 112: &quot;Detection you never tested is a smoke alarm with no battery.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-113.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-113-resilience-is-bought-before-the-storm-not-borrowed-during-it.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 113: Resilience is bought before the storm, not borrowed during it</image:title>
      <image:caption>Professor Kai London cybersecurity principle 113: &quot;Resilience is bought before the storm, not borrowed during it.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-114.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-114-speak-risk-in-the-currency-of-the-room-revenue-not-red.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 114: Speak risk in the currency of the room: revenue, not red</image:title>
      <image:caption>Professor Kai London cybersecurity principle 114: &quot;Speak risk in the currency of the room: revenue, not red.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-115.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-115-every-integration-is-a-relationship-and-every-relationship-c.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 115: Every integration is a relationship, and every relationship carries risk</image:title>
      <image:caption>Professor Kai London cybersecurity principle 115: &quot;Every integration is a relationship, and every relationship carries risk.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-116.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-116-a-control-without-a-witness-cannot-defend-you-later.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 116: A control without a witness cannot defend you later</image:title>
      <image:caption>Professor Kai London cybersecurity principle 116: &quot;A control without a witness cannot defend you later.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-117.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-117-the-attacker-rehearses-your-environment-more-than-your-team-.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 117: The attacker rehearses your environment more than your team does</image:title>
      <image:caption>Professor Kai London cybersecurity principle 117: &quot;The attacker rehearses your environment more than your team does.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-118.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-118-secure-the-path-not-just-the-perimeter-the-journey-is-the-ta.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 118: Secure the path, not just the perimeter — the journey is the target</image:title>
      <image:caption>Professor Kai London cybersecurity principle 118: &quot;Secure the path, not just the perimeter — the journey is the target.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-119.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-119-visibility-without-action-is-just-expensive-watching.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 119: Visibility without action is just expensive watching</image:title>
      <image:caption>Professor Kai London cybersecurity principle 119: &quot;Visibility without action is just expensive watching.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-120.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-120-a-risk-you-cannot-name-you-cannot-fund.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 120: A risk you cannot name, you cannot fund</image:title>
      <image:caption>Professor Kai London cybersecurity principle 120: &quot;A risk you cannot name, you cannot fund.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-121.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-121-automation-is-leverage-for-the-defender-and-the-intruder-ali.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 121: Automation is leverage — for the defender and the intruder alike</image:title>
      <image:caption>Professor Kai London cybersecurity principle 121: &quot;Automation is leverage — for the defender and the intruder alike.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-122.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-122-the-quietest-risk-is-the-one-everyone-assumed-someone-else-o.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 122: The quietest risk is the one everyone assumed someone else owned</image:title>
      <image:caption>Professor Kai London cybersecurity principle 122: &quot;The quietest risk is the one everyone assumed someone else owned.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-123.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-123-encryption-protects-the-data-governance-protects-the-decisio.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 123: Encryption protects the data; governance protects the decision</image:title>
      <image:caption>Professor Kai London cybersecurity principle 123: &quot;Encryption protects the data; governance protects the decision.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-124.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-124-your-suppliers-weakest-day-is-on-your-balance-sheet.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 124: Your suppliers&#x27; weakest day is on your balance sheet</image:title>
      <image:caption>Professor Kai London cybersecurity principle 124: &quot;Your suppliers&#x27; weakest day is on your balance sheet.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-125.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-125-identity-is-the-new-firewall-and-it-is-always-logged-in.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 125: Identity is the new firewall — and it is always logged in</image:title>
      <image:caption>Professor Kai London cybersecurity principle 125: &quot;Identity is the new firewall — and it is always logged in.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-126.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-126-patience-is-the-adversarys-favourite-exploit.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 126: Patience is the adversary&#x27;s favourite exploit</image:title>
      <image:caption>Professor Kai London cybersecurity principle 126: &quot;Patience is the adversary&#x27;s favourite exploit.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-127.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-127-a-policy-nobody-can-follow-is-a-risk-you-wrote-down.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 127: A policy nobody can follow is a risk you wrote down</image:title>
      <image:caption>Professor Kai London cybersecurity principle 127: &quot;A policy nobody can follow is a risk you wrote down.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-128.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-128-recovery-time-is-a-promise-test-it-before-you-make-it.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 128: Recovery time is a promise; test it before you make it</image:title>
      <image:caption>Professor Kai London cybersecurity principle 128: &quot;Recovery time is a promise; test it before you make it.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-129.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-129-the-board-doesnt-fear-the-breach-it-fears-the-surprise.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 129: The board doesn&#x27;t fear the breach; it fears the surprise</image:title>
      <image:caption>Professor Kai London cybersecurity principle 129: &quot;The board doesn&#x27;t fear the breach; it fears the surprise.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-130.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-130-ai-without-oversight-is-confidence-without-accountability.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 130: AI without oversight is confidence without accountability</image:title>
      <image:caption>Professor Kai London cybersecurity principle 130: &quot;AI without oversight is confidence without accountability.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-131.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-131-shadow-tools-cast-real-shadows-on-the-audit.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 131: Shadow tools cast real shadows on the audit</image:title>
      <image:caption>Professor Kai London cybersecurity principle 131: &quot;Shadow tools cast real shadows on the audit.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-132.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-132-the-strongest-lock-fails-at-the-weakest-hinge-the-human-one.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 132: The strongest lock fails at the weakest hinge — the human one</image:title>
      <image:caption>Professor Kai London cybersecurity principle 132: &quot;The strongest lock fails at the weakest hinge — the human one.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-133.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-133-maturity-is-doing-the-unglamorous-control-consistently.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 133: Maturity is doing the unglamorous control consistently</image:title>
      <image:caption>Professor Kai London cybersecurity principle 133: &quot;Maturity is doing the unglamorous control consistently.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-134.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-134-a-metric-that-changes-no-decision-is-just-a-number-wearing-a.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 134: A metric that changes no decision is just a number wearing a badge</image:title>
      <image:caption>Professor Kai London cybersecurity principle 134: &quot;A metric that changes no decision is just a number wearing a badge.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-135.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-135-containment-is-a-design-choice-you-make-long-before-the-alar.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 135: Containment is a design choice you make long before the alarm</image:title>
      <image:caption>Professor Kai London cybersecurity principle 135: &quot;Containment is a design choice you make long before the alarm.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-136.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-136-trust-must-be-renewed-never-assumed-to-be-permanent.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 136: Trust must be renewed, never assumed to be permanent</image:title>
      <image:caption>Professor Kai London cybersecurity principle 136: &quot;Trust must be renewed, never assumed to be permanent.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-137.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-137-the-first-casualty-of-a-breach-is-the-story-nobody-prepared.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 137: The first casualty of a breach is the story nobody prepared</image:title>
      <image:caption>Professor Kai London cybersecurity principle 137: &quot;The first casualty of a breach is the story nobody prepared.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-138.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-138-good-security-makes-the-right-thing-the-easy-thing.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 138: Good security makes the right thing the easy thing</image:title>
      <image:caption>Professor Kai London cybersecurity principle 138: &quot;Good security makes the right thing the easy thing.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-139.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-139-an-exception-with-no-expiry-is-a-permanent-vulnerability-wit.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 139: An exception with no expiry is a permanent vulnerability with paperwork</image:title>
      <image:caption>Professor Kai London cybersecurity principle 139: &quot;An exception with no expiry is a permanent vulnerability with paperwork.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-140.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-140-the-breach-report-is-drafted-by-the-decisions-you-make-today.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 140: The breach report is drafted by the decisions you make today</image:title>
      <image:caption>Professor Kai London cybersecurity principle 140: &quot;The breach report is drafted by the decisions you make today.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-141.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-141-complexity-is-the-cost-the-attacker-hopes-you-keep-paying.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 141: Complexity is the cost the attacker hopes you keep paying</image:title>
      <image:caption>Professor Kai London cybersecurity principle 141: &quot;Complexity is the cost the attacker hopes you keep paying.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-142.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-142-you-cannot-outsource-accountability-only-the-activity.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 142: You cannot outsource accountability, only the activity</image:title>
      <image:caption>Professor Kai London cybersecurity principle 142: &quot;You cannot outsource accountability, only the activity.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-143.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-143-the-dangerous-configuration-is-the-one-nobody-remembers-sett.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 143: The dangerous configuration is the one nobody remembers setting</image:title>
      <image:caption>Professor Kai London cybersecurity principle 143: &quot;The dangerous configuration is the one nobody remembers setting.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-144.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-144-threat-intelligence-earns-its-keep-only-when-it-changes-a-co.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 144: Threat intelligence earns its keep only when it changes a control</image:title>
      <image:caption>Professor Kai London cybersecurity principle 144: &quot;Threat intelligence earns its keep only when it changes a control.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-145.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-145-privacy-designed-in-costs-less-than-privacy-litigated-out.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 145: Privacy designed in costs less than privacy litigated out</image:title>
      <image:caption>Professor Kai London cybersecurity principle 145: &quot;Privacy designed in costs less than privacy litigated out.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-146.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-146-your-weakest-identity-is-your-true-security-level.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 146: Your weakest identity is your true security level</image:title>
      <image:caption>Professor Kai London cybersecurity principle 146: &quot;Your weakest identity is your true security level.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-147.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-147-a-backup-you-have-never-restored-is-a-hope-not-a-safeguard.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 147: A backup you have never restored is a hope, not a safeguard</image:title>
      <image:caption>Professor Kai London cybersecurity principle 147: &quot;A backup you have never restored is a hope, not a safeguard.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-148.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-148-security-culture-is-what-people-do-when-no-control-is-watchi.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 148: Security culture is what people do when no control is watching</image:title>
      <image:caption>Professor Kai London cybersecurity principle 148: &quot;Security culture is what people do when no control is watching.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-149.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-149-speed-without-guardrails-is-just-a-faster-way-to-fail.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 149: Speed without guardrails is just a faster way to fail</image:title>
      <image:caption>Professor Kai London cybersecurity principle 149: &quot;Speed without guardrails is just a faster way to fail.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-150.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-150-govern-the-new-technology-before-it-governs-your-risk.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 150: Govern the new technology before it governs your risk</image:title>
      <image:caption>Professor Kai London cybersecurity principle 150: &quot;Govern the new technology before it governs your risk.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-151.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-151-the-map-is-not-the-network-verify-what-is-actually-connected.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 151: The map is not the network — verify what is actually connected</image:title>
      <image:caption>Professor Kai London cybersecurity principle 151: &quot;The map is not the network — verify what is actually connected.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-152.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-152-least-privilege-is-kindness-to-your-future-self.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 152: Least privilege is kindness to your future self</image:title>
      <image:caption>Professor Kai London cybersecurity principle 152: &quot;Least privilege is kindness to your future self.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-153.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-153-a-soc-drowning-in-alerts-is-blind-in-plain-sight.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 153: A SOC drowning in alerts is blind in plain sight</image:title>
      <image:caption>Professor Kai London cybersecurity principle 153: &quot;A SOC drowning in alerts is blind in plain sight.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-154.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-154-resilience-is-measured-in-how-fast-you-return-not-whether-yo.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 154: Resilience is measured in how fast you return, not whether you fall</image:title>
      <image:caption>Professor Kai London cybersecurity principle 154: &quot;Resilience is measured in how fast you return, not whether you fall.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-155.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-155-the-contract-is-a-control-read-it-like-a-firewall-rule.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 155: The contract is a control — read it like a firewall rule</image:title>
      <image:caption>Professor Kai London cybersecurity principle 155: &quot;The contract is a control — read it like a firewall rule.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-156.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-156-data-you-dont-need-is-risk-you-chose-to-keep.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 156: Data you don&#x27;t need is risk you chose to keep</image:title>
      <image:caption>Professor Kai London cybersecurity principle 156: &quot;Data you don&#x27;t need is risk you chose to keep.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-157.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-157-machinespeed-attacks-demand-machinespeed-answers.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 157: Machine-speed attacks demand machine-speed answers</image:title>
      <image:caption>Professor Kai London cybersecurity principle 157: &quot;Machine-speed attacks demand machine-speed answers.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-158.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-158-every-alert-you-ignore-trains-you-to-ignore-the-next-one.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 158: Every alert you ignore trains you to ignore the next one</image:title>
      <image:caption>Professor Kai London cybersecurity principle 158: &quot;Every alert you ignore trains you to ignore the next one.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-159.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-159-the-perimeter-went-home-to-the-caf-and-into-the-phone.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 159: The perimeter went home, to the café, and into the phone</image:title>
      <image:caption>Professor Kai London cybersecurity principle 159: &quot;The perimeter went home, to the café, and into the phone.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-160.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-160-assurance-is-a-sales-asset-not-just-a-safeguard.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 160: Assurance is a sales asset, not just a safeguard</image:title>
      <image:caption>Professor Kai London cybersecurity principle 160: &quot;Assurance is a sales asset, not just a safeguard.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-161.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-161-a-risk-accepted-in-silence-is-a-risk-owned-by-no-one.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 161: A risk accepted in silence is a risk owned by no one</image:title>
      <image:caption>Professor Kai London cybersecurity principle 161: &quot;A risk accepted in silence is a risk owned by no one.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-162.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-162-segmentation-decides-whether-one-fire-stays-one-room.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 162: Segmentation decides whether one fire stays one room</image:title>
      <image:caption>Professor Kai London cybersecurity principle 162: &quot;Segmentation decides whether one fire stays one room.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-163.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-163-the-exploit-you-patch-slowly-the-attacker-uses-quickly.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 163: The exploit you patch slowly, the attacker uses quickly</image:title>
      <image:caption>Professor Kai London cybersecurity principle 163: &quot;The exploit you patch slowly, the attacker uses quickly.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-164.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-164-confidence-is-not-a-control-evidence-is.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 164: Confidence is not a control; evidence is</image:title>
      <image:caption>Professor Kai London cybersecurity principle 164: &quot;Confidence is not a control; evidence is.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-165.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-165-an-api-key-in-the-wrong-place-is-a-master-key-in-the-open.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 165: An API key in the wrong place is a master key in the open</image:title>
      <image:caption>Professor Kai London cybersecurity principle 165: &quot;An API key in the wrong place is a master key in the open.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-166.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-166-govern-the-model-not-just-the-data-it-learned-from.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 166: Govern the model, not just the data it learned from</image:title>
      <image:caption>Professor Kai London cybersecurity principle 166: &quot;Govern the model, not just the data it learned from.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-167.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-167-the-honest-dashboard-shows-what-is-broken-not-what-is-busy.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 167: The honest dashboard shows what is broken, not what is busy</image:title>
      <image:caption>Professor Kai London cybersecurity principle 167: &quot;The honest dashboard shows what is broken, not what is busy.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-168.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-168-you-secure-what-you-can-see-and-lose-what-you-cannot.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 168: You secure what you can see, and lose what you cannot</image:title>
      <image:caption>Professor Kai London cybersecurity principle 168: &quot;You secure what you can see, and lose what you cannot.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-169.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-169-a-breach-tests-your-architecture-a-coverup-tests-your-career.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 169: A breach tests your architecture; a cover-up tests your career</image:title>
      <image:caption>Professor Kai London cybersecurity principle 169: &quot;A breach tests your architecture; a cover-up tests your career.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-170.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-170-the-cheapest-control-is-the-bad-habit-you-never-started.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 170: The cheapest control is the bad habit you never started</image:title>
      <image:caption>Professor Kai London cybersecurity principle 170: &quot;The cheapest control is the bad habit you never started.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-171.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-171-identity-sprawl-is-attack-surface-you-forgot-you-hired.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 171: Identity sprawl is attack surface you forgot you hired</image:title>
      <image:caption>Professor Kai London cybersecurity principle 171: &quot;Identity sprawl is attack surface you forgot you hired.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-172.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-172-plan-for-the-failure-of-the-thing-you-trust-the-most.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 172: Plan for the failure of the thing you trust the most</image:title>
      <image:caption>Professor Kai London cybersecurity principle 172: &quot;Plan for the failure of the thing you trust the most.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-173.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-173-security-debt-charges-interest-in-incidents.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 173: Security debt charges interest in incidents</image:title>
      <image:caption>Professor Kai London cybersecurity principle 173: &quot;Security debt charges interest in incidents.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-174.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-174-a-vendors-certificate-proves-intent-not-effectiveness.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 174: A vendor&#x27;s certificate proves intent, not effectiveness</image:title>
      <image:caption>Professor Kai London cybersecurity principle 174: &quot;A vendor&#x27;s certificate proves intent, not effectiveness.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-175.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-175-make-the-secure-path-the-default-path.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 175: Make the secure path the default path</image:title>
      <image:caption>Professor Kai London cybersecurity principle 175: &quot;Make the secure path the default path.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-176.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-176-the-strongest-signal-is-a-trend-not-a-snapshot.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 176: The strongest signal is a trend, not a snapshot</image:title>
      <image:caption>Professor Kai London cybersecurity principle 176: &quot;The strongest signal is a trend, not a snapshot.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-177.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-177-an-attacker-only-needs-the-door-you-stopped-checking.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 177: An attacker only needs the door you stopped checking</image:title>
      <image:caption>Professor Kai London cybersecurity principle 177: &quot;An attacker only needs the door you stopped checking.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-178.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-178-resilience-is-a-team-with-named-roles-not-a-document-with-a-.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 178: Resilience is a team with named roles, not a document with a title</image:title>
      <image:caption>Professor Kai London cybersecurity principle 178: &quot;Resilience is a team with named roles, not a document with a title.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-179.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-179-the-model-can-be-artificial-the-consequence-never-is.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 179: The model can be artificial; the consequence never is</image:title>
      <image:caption>Professor Kai London cybersecurity principle 179: &quot;The model can be artificial; the consequence never is.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-180.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-180-convenience-is-the-side-door-most-breaches-walk-through.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 180: Convenience is the side door most breaches walk through</image:title>
      <image:caption>Professor Kai London cybersecurity principle 180: &quot;Convenience is the side door most breaches walk through.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-181.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-181-test-the-control-before-the-auditor-and-before-the-attacker.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 181: Test the control before the auditor — and before the attacker</image:title>
      <image:caption>Professor Kai London cybersecurity principle 181: &quot;Test the control before the auditor — and before the attacker.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-182.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-182-decommissioning-is-a-security-task-not-a-cleanup-chore.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 182: Decommissioning is a security task, not a cleanup chore</image:title>
      <image:caption>Professor Kai London cybersecurity principle 182: &quot;Decommissioning is a security task, not a cleanup chore.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-183.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-183-the-crisis-reveals-the-gaps-the-calm-let-you-ignore.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 183: The crisis reveals the gaps the calm let you ignore</image:title>
      <image:caption>Professor Kai London cybersecurity principle 183: &quot;The crisis reveals the gaps the calm let you ignore.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-184.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-184-a-control-that-cannot-fail-safely-will-fail-badly.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 184: A control that cannot fail safely will fail badly</image:title>
      <image:caption>Professor Kai London cybersecurity principle 184: &quot;A control that cannot fail safely will fail badly.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-185.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-185-mergers-buy-revenue-and-inherit-someone-elses-risk.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 185: Mergers buy revenue and inherit someone else&#x27;s risk</image:title>
      <image:caption>Professor Kai London cybersecurity principle 185: &quot;Mergers buy revenue and inherit someone else&#x27;s risk.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-186.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-186-security-is-a-leadership-behaviour-before-it-is-a-technology.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 186: Security is a leadership behaviour before it is a technology</image:title>
      <image:caption>Professor Kai London cybersecurity principle 186: &quot;Security is a leadership behaviour before it is a technology.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-187.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-187-the-unread-log-is-the-witness-you-silenced-in-advance.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 187: The unread log is the witness you silenced in advance</image:title>
      <image:caption>Professor Kai London cybersecurity principle 187: &quot;The unread log is the witness you silenced in advance.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-188.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-188-build-for-the-question-you-will-be-asked-under-oath.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 188: Build for the question you will be asked under oath</image:title>
      <image:caption>Professor Kai London cybersecurity principle 188: &quot;Build for the question you will be asked under oath.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-189.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-189-operational-security-dies-in-the-gap-between-projects.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 189: Operational security dies in the gap between projects</image:title>
      <image:caption>Professor Kai London cybersecurity principle 189: &quot;Operational security dies in the gap between projects.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-190.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-190-a-standing-connection-is-a-standing-invitation-review-it.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 190: A standing connection is a standing invitation — review it</image:title>
      <image:caption>Professor Kai London cybersecurity principle 190: &quot;A standing connection is a standing invitation — review it.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-191.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-191-phishing-succeeds-on-hurry-not-on-stupidity.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 191: Phishing succeeds on hurry, not on stupidity</image:title>
      <image:caption>Professor Kai London cybersecurity principle 191: &quot;Phishing succeeds on hurry, not on stupidity.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-192.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-192-the-quantum-clock-is-already-ticking-on-todays-secrets.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 192: The quantum clock is already ticking on today&#x27;s secrets</image:title>
      <image:caption>Professor Kai London cybersecurity principle 192: &quot;The quantum clock is already ticking on today&#x27;s secrets.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-193.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-193-ot-failures-cost-in-safety-not-just-in-data.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 193: OT failures cost in safety, not just in data</image:title>
      <image:caption>Professor Kai London cybersecurity principle 193: &quot;OT failures cost in safety, not just in data.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-194.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-194-a-risk-owner-without-authority-is-a-scapegoat-with-a-title.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 194: A risk owner without authority is a scapegoat with a title</image:title>
      <image:caption>Professor Kai London cybersecurity principle 194: &quot;A risk owner without authority is a scapegoat with a title.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-195.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-195-continuous-access-demands-continuous-proof.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 195: Continuous access demands continuous proof</image:title>
      <image:caption>Professor Kai London cybersecurity principle 195: &quot;Continuous access demands continuous proof.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-196.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-196-the-intruder-loves-a-flat-network-the-way-water-loves-a-slop.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 196: The intruder loves a flat network the way water loves a slope</image:title>
      <image:caption>Professor Kai London cybersecurity principle 196: &quot;The intruder loves a flat network the way water loves a slope.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-197.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-197-reputation-is-recovered-slower-than-systems.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 197: Reputation is recovered slower than systems</image:title>
      <image:caption>Professor Kai London cybersecurity principle 197: &quot;Reputation is recovered slower than systems.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-198.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-198-the-professional-who-can-prove-it-outranks-the-one-who-claim.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 198: The professional who can prove it outranks the one who claims it</image:title>
      <image:caption>Professor Kai London cybersecurity principle 198: &quot;The professional who can prove it outranks the one who claims it.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-199.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-199-dont-sell-fear-sell-the-confidence-to-withstand-scrutiny.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 199: Don&#x27;t sell fear — sell the confidence to withstand scrutiny</image:title>
      <image:caption>Professor Kai London cybersecurity principle 199: &quot;Don&#x27;t sell fear — sell the confidence to withstand scrutiny.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/principle-200.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/cards/professor-kai-london-ciso-cyber-security-principle-200-professor-kai-london-i-engineer-the-trust-your-business-cann.png</image:loc>
      <image:title>Professor Kai London — Cybersecurity Principle 200: Professor Kai London: I engineer the trust your business cannot afford to lose</image:title>
      <image:caption>Professor Kai London cybersecurity principle 200: &quot;Professor Kai London: I engineer the trust your business cannot afford to lose.&quot; — CISO, AI security &amp; cyber resilience advisor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-21.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-22.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-23.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-24.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-25.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-26.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-27.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-28.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-29.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-30.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-31.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-32.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-33.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-34.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-35.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-36.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-37.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-38.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-39.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-40.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-41.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-51.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-52.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-53.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-54.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-55.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-56.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-57.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-58.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-59.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-60.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-61.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-62.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-cyber-resilience-principle-01.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-cyber-resilience-principle-02.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-cyber-resilience-principle-03.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-cyber-resilience-principle-04.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-cyber-resilience-principle-05.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-cyber-resilience-principle-06.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-cyber-resilience-principle-07.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-cyber-resilience-principle-08.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-cyber-resilience-principle-09.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-cyber-resilience-principle-10.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-principle-11.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-principle-12.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-principle-13.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-principle-14.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-principle-15.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-principle-16.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-principle-17.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-principle-18.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-principle-19.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-professor-kai-london-principle-20.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-01.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-02.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-03.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-04.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-05.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-06.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-07.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-08.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-09.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-10.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-100-alt.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-100.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-63.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-64.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-65.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-66.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-67.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-68.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-69.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-70.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-71.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-72.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-73.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-74.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-75.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-76.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-77.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-78.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-79.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-80.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-81.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-82.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-83.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-84.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-85.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-86.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-87.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-88.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-89.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-90.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-91.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-92.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-93.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-94.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-95.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-96.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-97.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-98.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-cyber-resilience-authority-card-card-99.png</image:loc>
      <image:title>Professor Kai London — cybersecurity &amp; cyber resilience authority principle card</image:title>
      <image:caption>Cybersecurity leadership principle card by Professor Kai London — CISO, AI security &amp; cyber resilience advisor. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-kailondon-emblem-transparent.png</image:loc>
      <image:title>Professor Kai London — official brand logo (CISO &amp; cybersecurity advisor)</image:title>
      <image:caption>Official Professor Kai London brand mark — cybersecurity, AI security and cyber resilience advisory. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-kailondon-logo-horizontal-dark.png</image:loc>
      <image:title>Professor Kai London — official brand logo (CISO &amp; cybersecurity advisor)</image:title>
      <image:caption>Official Professor Kai London brand mark — cybersecurity, AI security and cyber resilience advisory. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-kailondon-logo-vertical-dark.png</image:loc>
      <image:title>Professor Kai London — official brand logo (CISO &amp; cybersecurity advisor)</image:title>
      <image:caption>Official Professor Kai London brand mark — cybersecurity, AI security and cyber resilience advisory. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-kailondon-logo-vertical-transparent.png</image:loc>
      <image:title>Professor Kai London — official brand logo (CISO &amp; cybersecurity advisor)</image:title>
      <image:caption>Official Professor Kai London brand mark — cybersecurity, AI security and cyber resilience advisory. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-ai-security-principles-ai-principles1.png</image:loc>
      <image:title>Professor Kai London — AI security &amp; governance principles</image:title>
      <image:caption>AI security and governance principles by Professor Kai London — CISO and AI security strategist. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-ai-security-principles-ai-principles2.png</image:loc>
      <image:title>Professor Kai London — AI security &amp; governance principles</image:title>
      <image:caption>AI security and governance principles by Professor Kai London — CISO and AI security strategist. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-ai-security-principles-ai-principles3.png</image:loc>
      <image:title>Professor Kai London — AI security &amp; governance principles</image:title>
      <image:caption>AI security and governance principles by Professor Kai London — CISO and AI security strategist. professorkailondon.com</image:caption>
    </image:image>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/gallery/professor-kai-london-ai-security-principles-logo.png</image:loc>
      <image:title>Professor Kai London — AI security &amp; governance principles</image:title>
      <image:caption>AI security and governance principles by Professor Kai London — CISO and AI security strategist. professorkailondon.com</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-001.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-001-trust-is-won-before-pressure-arrives-and-proven-when-pressure-tests-th.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 001: Trust is won before pressure arrives and proven when pressure tests th</image:title>
      <image:caption>Trust is won before pressure arrives and proven when pressure tests the enterprise. — Professor Kai London, CISO. Principle 1 of 300 on Cyber Resilience.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-002.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-002-evidence-converts-security-from-confidence-into-defensible-commercial-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 002: Evidence converts security from confidence into defensible commercial </image:title>
      <image:caption>Evidence converts security from confidence into defensible commercial assurance. — Professor Kai London, CISO. Principle 2 of 300 on Evidence / GRC.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-003.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-003-cybersecurity-belongs-in-the-boardroom-because-digital-trust-now-prote.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 003: Cybersecurity belongs in the boardroom because digital trust now prote</image:title>
      <image:caption>Cybersecurity belongs in the boardroom because digital trust now protects enterprise value. — Professor Kai London, CISO. Principle 3 of 300 on Board Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-004.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-004-a-mature-board-does-not-ask-for-fear-it-asks-for-choices-exposure-and-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 004: A mature board does not ask for fear; it asks for choices, exposure an</image:title>
      <image:caption>A mature board does not ask for fear; it asks for choices, exposure and proof. — Professor Kai London, CISO. Principle 4 of 300 on Board Reporting.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-005.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-005-security-without-ownership-becomes-theatre-ownership-without-evidence-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 005: Security without ownership becomes theatre; ownership without evidence</image:title>
      <image:caption>Security without ownership becomes theatre; ownership without evidence becomes exposure. — Professor Kai London, CISO. Principle 5 of 300 on Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-006.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-006-the-best-security-leaders-make-complex-risk-simple-enough-to-govern.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 006: The best security leaders make complex risk simple enough to govern.</image:title>
      <image:caption>The best security leaders make complex risk simple enough to govern. — Professor Kai London, CISO. Principle 6 of 300 on Leadership.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-007.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-007-compliance-is-the-starting-line-resilience-is-the-value-clients-pay-to.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 007: Compliance is the starting line; resilience is the value clients pay t</image:title>
      <image:caption>Compliance is the starting line; resilience is the value clients pay to secure. — Professor Kai London, CISO. Principle 7 of 300 on Compliance / Resilience.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-008.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-008-a-cyber-strategy-wins-when-it-protects-growth-as-clearly-as-it-reduces.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 008: A cyber strategy wins when it protects growth as clearly as it reduces</image:title>
      <image:caption>A cyber strategy wins when it protects growth as clearly as it reduces risk. — Professor Kai London, CISO. Principle 8 of 300 on Strategy.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-009.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-009-the-strongest-control-is-one-the-business-can-operate-after-the-consul.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 009: The strongest control is one the business can operate after the consul</image:title>
      <image:caption>The strongest control is one the business can operate after the consultant exits. — Professor Kai London, CISO. Principle 9 of 300 on Delivery.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-010.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-010-great-consultants-do-not-sell-complexity-they-remove-uncertainty.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 010: Great consultants do not sell complexity; they remove uncertainty.</image:title>
      <image:caption>Great consultants do not sell complexity; they remove uncertainty. — Professor Kai London, CISO. Principle 10 of 300 on Advisory.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-011.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-011-a-good-architect-designs-controls-a-great-architect-designs-confidence.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 011: A good architect designs controls; a great architect designs confidenc</image:title>
      <image:caption>A good architect designs controls; a great architect designs confidence. — Professor Kai London, CISO. Principle 11 of 300 on Security Architecture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-012.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-012-resilience-is-the-discipline-of-keeping-business-promises-under-abnorm.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 012: Resilience is the discipline of keeping business promises under abnorm</image:title>
      <image:caption>Resilience is the discipline of keeping business promises under abnormal conditions. — Professor Kai London, CISO. Principle 12 of 300 on Operational Resilience.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-013.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-013-cybersecurity-earns-trust-when-it-speaks-in-outcomes-instead-of-acrony.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 013: Cybersecurity earns trust when it speaks in outcomes instead of acrony</image:title>
      <image:caption>Cybersecurity earns trust when it speaks in outcomes instead of acronyms. — Professor Kai London, CISO. Principle 13 of 300 on Communication.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-014.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-014-the-winning-roadmap-shows-what-to-fix-first-why-it-matters-and-how-suc.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 014: The winning roadmap shows what to fix first, why it matters and how su</image:title>
      <image:caption>The winning roadmap shows what to fix first, why it matters and how success will be proven. — Professor Kai London, CISO. Principle 14 of 300 on Roadmap.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-015.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-015-risk-reduction-persuades-faster-than-technical-perfection.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 015: Risk reduction persuades faster than technical perfection.</image:title>
      <image:caption>Risk reduction persuades faster than technical perfection. — Professor Kai London, CISO. Principle 15 of 300 on Delivery.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-016.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-016-the-true-risk-appetite-of-an-organisation-is-revealed-by-what-it-funds.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 016: The true risk appetite of an organisation is revealed by what it funds</image:title>
      <image:caption>The true risk appetite of an organisation is revealed by what it funds consistently. — Professor Kai London, CISO. Principle 16 of 300 on Risk Management.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-017.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-017-a-dashboard-no-executive-acts-on-is-decoration-not-governance.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 017: A dashboard no executive acts on is decoration, not governance.</image:title>
      <image:caption>A dashboard no executive acts on is decoration, not governance. — Professor Kai London, CISO. Principle 17 of 300 on Reporting.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-018.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-018-boards-need-fewer-metrics-sharper-signals-and-clearer-decisions.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 018: Boards need fewer metrics, sharper signals and clearer decisions.</image:title>
      <image:caption>Boards need fewer metrics, sharper signals and clearer decisions. — Professor Kai London, CISO. Principle 18 of 300 on Board Reporting.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-019.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-019-a-mature-cyber-function-gives-the-board-fewer-surprises-and-better-opt.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 019: A mature cyber function gives the board fewer surprises and better opt</image:title>
      <image:caption>A mature cyber function gives the board fewer surprises and better options. — Professor Kai London, CISO. Principle 19 of 300 on Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-021.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-021-every-control-needs-an-owner-a-purpose-a-cadence-and-proof.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 021: Every control needs an owner, a purpose, a cadence and proof.</image:title>
      <image:caption>Every control needs an owner, a purpose, a cadence and proof. — Professor Kai London, CISO. Principle 21 of 300 on Controls.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-022.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-022-a-control-without-ownership-is-a-future-audit-finding-waiting-politely.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 022: A control without ownership is a future audit finding waiting politely</image:title>
      <image:caption>A control without ownership is a future audit finding waiting politely. — Professor Kai London, CISO. Principle 22 of 300 on Audit Readiness.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-023.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-023-a-policy-without-adoption-is-only-a-document-with-ambition.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 023: A policy without adoption is only a document with ambition.</image:title>
      <image:caption>A policy without adoption is only a document with ambition. — Professor Kai London, CISO. Principle 23 of 300 on Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-024.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-024-cyber-leadership-turns-uncertainty-into-accountable-decisions.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 024: Cyber leadership turns uncertainty into accountable decisions.</image:title>
      <image:caption>Cyber leadership turns uncertainty into accountable decisions. — Professor Kai London, CISO. Principle 24 of 300 on Leadership.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-025.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-025-the-client-buys-confidence-before-capability-and-renewal-before-perfec.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 025: The client buys confidence before capability and renewal before perfec</image:title>
      <image:caption>The client buys confidence before capability and renewal before perfection. — Professor Kai London, CISO. Principle 25 of 300 on Consulting.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-026.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-026-a-first-conversation-should-make-the-client-feel-safer-clearer-and-bet.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 026: A first conversation should make the client feel safer, clearer and be</image:title>
      <image:caption>A first conversation should make the client feel safer, clearer and better led. — Professor Kai London, CISO. Principle 26 of 300 on Advisory.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-027.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-027-serious-execution-attracts-serious-contracts.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 027: Serious execution attracts serious contracts.</image:title>
      <image:caption>Serious execution attracts serious contracts. — Professor Kai London, CISO. Principle 27 of 300 on Professional Brand.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-028.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-028-calm-precision-wins-more-trust-than-exaggerated-urgency.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 028: Calm precision wins more trust than exaggerated urgency.</image:title>
      <image:caption>Calm precision wins more trust than exaggerated urgency. — Professor Kai London, CISO. Principle 28 of 300 on Executive Tone.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-029.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-029-the-stronger-the-evidence-trail-the-easier-the-commercial-decision-bec.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 029: The stronger the evidence trail, the easier the commercial decision be</image:title>
      <image:caption>The stronger the evidence trail, the easier the commercial decision becomes. — Professor Kai London, CISO. Principle 29 of 300 on Evidence.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-030.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-030-a-premium-consultant-brings-judgement-not-just-knowledge.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 030: A premium consultant brings judgement, not just knowledge.</image:title>
      <image:caption>A premium consultant brings judgement, not just knowledge. — Professor Kai London, CISO. Principle 30 of 300 on Advisory.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-031.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-031-technical-depth-wins-respect-commercial-clarity-wins-contracts.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 031: Technical depth wins respect; commercial clarity wins contracts.</image:title>
      <image:caption>Technical depth wins respect; commercial clarity wins contracts. — Professor Kai London, CISO. Principle 31 of 300 on Personal Brand.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-032.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-032-authority-grows-when-competence-is-repeatedly-proven-through-outcomes.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 032: Authority grows when competence is repeatedly proven through outcomes.</image:title>
      <image:caption>Authority grows when competence is repeatedly proven through outcomes. — Professor Kai London, CISO. Principle 32 of 300 on Reputation.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-033.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-033-original-thinking-attracts-attention-useful-thinking-attracts-work.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 033: Original thinking attracts attention; useful thinking attracts work.</image:title>
      <image:caption>Original thinking attracts attention; useful thinking attracts work. — Professor Kai London, CISO. Principle 33 of 300 on Thought Leadership.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-034.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-034-the-strongest-brand-signal-is-a-reliable-body-of-delivered-work.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 034: The strongest brand signal is a reliable body of delivered work.</image:title>
      <image:caption>The strongest brand signal is a reliable body of delivered work. — Professor Kai London, CISO. Principle 34 of 300 on Brand Authority.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-035.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-035-the-market-remembers-specialists-who-make-difficult-work-feel-controll.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 035: The market remembers specialists who make difficult work feel controll</image:title>
      <image:caption>The market remembers specialists who make difficult work feel controlled. — Professor Kai London, CISO. Principle 35 of 300 on Positioning.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-036.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-036-a-strong-market-position-is-specific-memorable-and-defensible.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 036: A strong market position is specific, memorable and defensible.</image:title>
      <image:caption>A strong market position is specific, memorable and defensible. — Professor Kai London, CISO. Principle 36 of 300 on Branding.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-037.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-037-being-easy-to-trust-makes-being-hired-easier.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 037: Being easy to trust makes being hired easier.</image:title>
      <image:caption>Being easy to trust makes being hired easier. — Professor Kai London, CISO. Principle 37 of 300 on Contract Readiness.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-038.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-038-deliver-more-certainty-than-the-client-expected-to-buy.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 038: Deliver more certainty than the client expected to buy.</image:title>
      <image:caption>Deliver more certainty than the client expected to buy. — Professor Kai London, CISO. Principle 38 of 300 on Consulting Value.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-039.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-039-durable-reputations-are-built-on-repeatable-value-not-one-off-visibili.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 039: Durable reputations are built on repeatable value, not one-off visibil</image:title>
      <image:caption>Durable reputations are built on repeatable value, not one-off visibility. — Professor Kai London, CISO. Principle 39 of 300 on Reputation.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-040.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-040-the-best-professional-voice-is-confident-useful-and-restrained.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 040: The best professional voice is confident, useful and restrained.</image:title>
      <image:caption>The best professional voice is confident, useful and restrained. — Professor Kai London, CISO. Principle 40 of 300 on Executive Presence.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-041.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-041-defence-is-not-the-absence-of-compromise-it-is-the-compression-of-impa.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 041: Defence is not the absence of compromise; it is the compression of imp</image:title>
      <image:caption>Defence is not the absence of compromise; it is the compression of impact. — Professor Kai London, CISO. Principle 41 of 300 on Cyber Defence.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-042.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-042-assume-breach-but-never-assume-defeat.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 042: Assume breach, but never assume defeat.</image:title>
      <image:caption>Assume breach, but never assume defeat. — Professor Kai London, CISO. Principle 42 of 300 on Resilience.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-043.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-043-an-attacker-needs-one-path-the-defender-must-understand-the-full-map.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 043: An attacker needs one path; the defender must understand the full map.</image:title>
      <image:caption>An attacker needs one path; the defender must understand the full map. — Professor Kai London, CISO. Principle 43 of 300 on Threat Defence.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-044.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-044-detection-without-triage-is-expensive-noise.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 044: Detection without triage is expensive noise.</image:title>
      <image:caption>Detection without triage is expensive noise. — Professor Kai London, CISO. Principle 44 of 300 on SecOps.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-045.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-045-normal-behaviour-must-be-visible-before-abnormal-behaviour-can-be-trus.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 045: Normal behaviour must be visible before abnormal behaviour can be trus</image:title>
      <image:caption>Normal behaviour must be visible before abnormal behaviour can be trusted. — Professor Kai London, CISO. Principle 45 of 300 on Detection.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-046.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-046-backups-are-not-resilience-until-restoration-is-proven-under-pressure.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 046: Backups are not resilience until restoration is proven under pressure.</image:title>
      <image:caption>Backups are not resilience until restoration is proven under pressure. — Professor Kai London, CISO. Principle 46 of 300 on Recovery.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-047.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-047-patch-velocity-is-leadership-discipline-expressed-through-technology-o.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 047: Patch velocity is leadership discipline expressed through technology o</image:title>
      <image:caption>Patch velocity is leadership discipline expressed through technology operations. — Professor Kai London, CISO. Principle 47 of 300 on Vulnerability Management.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-048.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-048-identity-is-the-control-plane-of-modern-enterprise-trust.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 048: Identity is the control plane of modern enterprise trust.</image:title>
      <image:caption>Identity is the control plane of modern enterprise trust. — Professor Kai London, CISO. Principle 48 of 300 on IAM / Zero Trust.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-049.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-049-least-privilege-is-not-a-setting-it-is-a-habit-the-organisation-must-k.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 049: Least privilege is not a setting; it is a habit the organisation must </image:title>
      <image:caption>Least privilege is not a setting; it is a habit the organisation must keep. — Professor Kai London, CISO. Principle 49 of 300 on Access Control.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-050.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-050-every-credential-is-a-key-and-every-forgotten-key-is-unmanaged-risk.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 050: Every credential is a key, and every forgotten key is unmanaged risk.</image:title>
      <image:caption>Every credential is a key, and every forgotten key is unmanaged risk. — Professor Kai London, CISO. Principle 50 of 300 on Identity Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-051.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-051-privileged-access-is-where-accountability-must-be-strongest.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 051: Privileged access is where accountability must be strongest.</image:title>
      <image:caption>Privileged access is where accountability must be strongest. — Professor Kai London, CISO. Principle 51 of 300 on PAM.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-052.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-052-zero-trust-works-best-as-business-trust-with-technical-verification.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 052: Zero Trust works best as business trust with technical verification.</image:title>
      <image:caption>Zero Trust works best as business trust with technical verification. — Professor Kai London, CISO. Principle 52 of 300 on Zero Trust.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-053.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-053-access-should-be-simple-for-the-right-person-and-difficult-for-everyon.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 053: Access should be simple for the right person and difficult for everyon</image:title>
      <image:caption>Access should be simple for the right person and difficult for everyone else. — Professor Kai London, CISO. Principle 53 of 300 on IAM.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-054.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-054-segmentation-turns-enterprise-compromise-into-contained-impact.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 054: Segmentation turns enterprise compromise into contained impact.</image:title>
      <image:caption>Segmentation turns enterprise compromise into contained impact. — Professor Kai London, CISO. Principle 54 of 300 on Network Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-055.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-055-the-control-you-never-test-becomes-the-control-the-attacker-tests-firs.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 055: The control you never test becomes the control the attacker tests firs</image:title>
      <image:caption>The control you never test becomes the control the attacker tests first. — Professor Kai London, CISO. Principle 55 of 300 on Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-056.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-056-encryption-protects-data-key-governance-protects-encryption.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 056: Encryption protects data; key governance protects encryption.</image:title>
      <image:caption>Encryption protects data; key governance protects encryption. — Professor Kai London, CISO. Principle 56 of 300 on Data Protection.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-057.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-057-a-security-tool-that-cannot-be-operated-is-risk-with-a-licence-fee.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 057: A security tool that cannot be operated is risk with a licence fee.</image:title>
      <image:caption>A security tool that cannot be operated is risk with a licence fee. — Professor Kai London, CISO. Principle 57 of 300 on SecOps.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-058.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-058-complexity-is-an-attack-surface-no-vendor-fully-removes.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 058: Complexity is an attack surface no vendor fully removes.</image:title>
      <image:caption>Complexity is an attack surface no vendor fully removes. — Professor Kai London, CISO. Principle 58 of 300 on Architecture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-059.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-059-recovery-time-is-a-promise-recovery-evidence-is-the-proof.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 059: Recovery time is a promise; recovery evidence is the proof.</image:title>
      <image:caption>Recovery time is a promise; recovery evidence is the proof. — Professor Kai London, CISO. Principle 59 of 300 on Continuity.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-060.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-060-hardening-is-respect-for-adversary-patience.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 060: Hardening is respect for adversary patience.</image:title>
      <image:caption>Hardening is respect for adversary patience. — Professor Kai London, CISO. Principle 60 of 300 on Defence.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-061.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-061-logs-only-create-value-when-someone-can-read-correlate-and-act-on-them.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 061: Logs only create value when someone can read, correlate and act on the</image:title>
      <image:caption>Logs only create value when someone can read, correlate and act on them. — Professor Kai London, CISO. Principle 61 of 300 on Monitoring.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-062.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-062-a-strong-firewall-cannot-compensate-for-weak-judgement-at-the-inbox.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 062: A strong firewall cannot compensate for weak judgement at the inbox.</image:title>
      <image:caption>A strong firewall cannot compensate for weak judgement at the inbox. — Professor Kai London, CISO. Principle 62 of 300 on Human Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-063.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-063-endpoint-security-succeeds-when-behaviour-identity-and-context-meet.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 063: Endpoint security succeeds when behaviour, identity and context meet.</image:title>
      <image:caption>Endpoint security succeeds when behaviour, identity and context meet. — Professor Kai London, CISO. Principle 63 of 300 on Endpoint Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-064.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-064-vulnerability-management-is-prioritisation-under-business-constraint.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 064: Vulnerability management is prioritisation under business constraint.</image:title>
      <image:caption>Vulnerability management is prioritisation under business constraint. — Professor Kai London, CISO. Principle 64 of 300 on Vulnerability Management.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-065.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-065-the-best-defence-programmes-know-which-systems-matter-most-before-the-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 065: The best defence programmes know which systems matter most before the </image:title>
      <image:caption>The best defence programmes know which systems matter most before the attack starts. — Professor Kai London, CISO. Principle 65 of 300 on Asset Criticality.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-066.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-066-resilience-is-measured-on-the-worst-day-not-the-average-quarter.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 066: Resilience is measured on the worst day, not the average quarter.</image:title>
      <image:caption>Resilience is measured on the worst day, not the average quarter. — Professor Kai London, CISO. Principle 66 of 300 on Resilience.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-067.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-067-security-posture-is-only-real-when-continuously-measured.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 067: Security posture is only real when continuously measured.</image:title>
      <image:caption>Security posture is only real when continuously measured. — Professor Kai London, CISO. Principle 67 of 300 on Continuous Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-068.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-068-a-secure-architecture-must-explain-itself-to-engineers-auditors-and-ex.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 068: A secure architecture must explain itself to engineers, auditors and e</image:title>
      <image:caption>A secure architecture must explain itself to engineers, auditors and executives. — Professor Kai London, CISO. Principle 68 of 300 on Architecture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-069.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-069-security-operations-should-reduce-uncertainty-faster-than-the-attacker.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 069: Security operations should reduce uncertainty faster than the attacker</image:title>
      <image:caption>Security operations should reduce uncertainty faster than the attacker creates it. — Professor Kai London, CISO. Principle 69 of 300 on SecOps.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-070.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-070-threat-response-fails-when-escalation-paths-are-discovered-during-the-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 070: Threat response fails when escalation paths are discovered during the </image:title>
      <image:caption>Threat response fails when escalation paths are discovered during the incident. — Professor Kai London, CISO. Principle 70 of 300 on Incident Response.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-071.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-071-ai-security-starts-where-data-accountability-begins.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 071: AI security starts where data accountability begins.</image:title>
      <image:caption>AI security starts where data accountability begins. — Professor Kai London, CISO. Principle 71 of 300 on AI Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-072.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-072-ai-is-a-privacy-and-security-challenge-before-it-becomes-an-innovation.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 072: AI is a privacy and security challenge before it becomes an innovation</image:title>
      <image:caption>AI is a privacy and security challenge before it becomes an innovation story. — Professor Kai London, CISO. Principle 72 of 300 on AI Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-073.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-073-a-model-you-cannot-explain-is-a-decision-you-cannot-defend.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 073: A model you cannot explain is a decision you cannot defend.</image:title>
      <image:caption>A model you cannot explain is a decision you cannot defend. — Professor Kai London, CISO. Principle 73 of 300 on AI Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-074.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-074-ungoverned-ai-hides-human-judgement-behind-automated-confidence.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 074: Ungoverned AI hides human judgement behind automated confidence.</image:title>
      <image:caption>Ungoverned AI hides human judgement behind automated confidence. — Professor Kai London, CISO. Principle 74 of 300 on AI Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-075.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-075-every-model-inherits-the-quality-bias-and-secrets-of-the-data-that-sha.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 075: Every model inherits the quality, bias and secrets of the data that sh</image:title>
      <image:caption>Every model inherits the quality, bias and secrets of the data that shaped it. — Professor Kai London, CISO. Principle 75 of 300 on AI Data Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-076.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-076-shadow-ai-is-best-solved-with-guardrails-visibility-and-safe-alternati.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 076: Shadow AI is best solved with guardrails, visibility and safe alternat</image:title>
      <image:caption>Shadow AI is best solved with guardrails, visibility and safe alternatives. — Professor Kai London, CISO. Principle 76 of 300 on Shadow AI.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-077.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-077-shadow-ai-becomes-insider-risk-when-data-leaves-approved-control-paths.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 077: Shadow AI becomes insider risk when data leaves approved control paths</image:title>
      <image:caption>Shadow AI becomes insider risk when data leaves approved control paths. — Professor Kai London, CISO. Principle 77 of 300 on AI Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-078.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-078-if-you-cannot-audit-the-prompt-you-cannot-certify-the-outcome.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 078: If you cannot audit the prompt, you cannot certify the outcome.</image:title>
      <image:caption>If you cannot audit the prompt, you cannot certify the outcome. — Professor Kai London, CISO. Principle 78 of 300 on AI Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-079.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-079-automation-scales-strong-decisions-and-weak-controls-with-equal-speed.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 079: Automation scales strong decisions and weak controls with equal speed.</image:title>
      <image:caption>Automation scales strong decisions and weak controls with equal speed. — Professor Kai London, CISO. Principle 79 of 300 on AI Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-080.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-080-the-ai-question-is-not-only-what-it-can-do-but-who-answers-when-it-fai.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 080: The AI question is not only what it can do, but who answers when it fa</image:title>
      <image:caption>The AI question is not only what it can do, but who answers when it fails. — Professor Kai London, CISO. Principle 80 of 300 on AI Accountability.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-081.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-081-training-data-is-a-supply-chain-and-deserves-supply-chain-discipline.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 081: Training data is a supply chain and deserves supply-chain discipline.</image:title>
      <image:caption>Training data is a supply chain and deserves supply-chain discipline. — Professor Kai London, CISO. Principle 81 of 300 on AI Supply Chain.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-082.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-082-an-unmonitored-ai-guardrail-is-only-a-suggestion.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 082: An unmonitored AI guardrail is only a suggestion.</image:title>
      <image:caption>An unmonitored AI guardrail is only a suggestion. — Professor Kai London, CISO. Principle 82 of 300 on AI Controls.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-083.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-083-human-in-the-loop-fails-when-the-human-is-trained-only-to-approve.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 083: Human-in-the-loop fails when the human is trained only to approve.</image:title>
      <image:caption>Human-in-the-loop fails when the human is trained only to approve. — Professor Kai London, CISO. Principle 83 of 300 on AI Oversight.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-084.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-084-ai-governance-means-controlling-machine-speed-decisions-with-human-con.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 084: AI governance means controlling machine-speed decisions with human con</image:title>
      <image:caption>AI governance means controlling machine-speed decisions with human consequences. — Professor Kai London, CISO. Principle 84 of 300 on AI Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-085.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-085-the-most-dangerous-ai-output-is-the-plausible-one.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 085: The most dangerous AI output is the plausible one.</image:title>
      <image:caption>The most dangerous AI output is the plausible one. — Professor Kai London, CISO. Principle 85 of 300 on AI Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-086.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-086-ethics-cannot-be-bolted-on-after-a-system-has-learned-to-optimise-with.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 086: Ethics cannot be bolted on after a system has learned to optimise with</image:title>
      <image:caption>Ethics cannot be bolted on after a system has learned to optimise without it. — Professor Kai London, CISO. Principle 86 of 300 on AI by Design.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-087.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-087-model-performance-is-a-lab-metric-model-behaviour-is-enterprise-risk.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 087: Model performance is a lab metric; model behaviour is enterprise risk.</image:title>
      <image:caption>Model performance is a lab metric; model behaviour is enterprise risk. — Professor Kai London, CISO. Principle 87 of 300 on AI Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-088.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-088-an-ai-system-is-trustworthy-only-when-it-can-be-paused-explained-and-c.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 088: An AI system is trustworthy only when it can be paused, explained and </image:title>
      <image:caption>An AI system is trustworthy only when it can be paused, explained and controlled. — Professor Kai London, CISO. Principle 88 of 300 on AI Safety.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-089.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-089-every-autonomous-agent-needs-a-boundary-a-log-and-a-named-owner.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 089: Every autonomous agent needs a boundary, a log and a named owner.</image:title>
      <image:caption>Every autonomous agent needs a boundary, a log and a named owner. — Professor Kai London, CISO. Principle 89 of 300 on Agentic AI.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-090.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-090-data-minimisation-is-the-cheapest-ai-risk-control-ever-invented.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 090: Data minimisation is the cheapest AI risk control ever invented.</image:title>
      <image:caption>Data minimisation is the cheapest AI risk control ever invented. — Professor Kai London, CISO. Principle 90 of 300 on Privacy / AI.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-091.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-091-if-the-model-touches-personal-data-governance-must-already-be-in-the-r.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 091: If the model touches personal data, governance must already be in the </image:title>
      <image:caption>If the model touches personal data, governance must already be in the room. — Professor Kai London, CISO. Principle 91 of 300 on AI Compliance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-092.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-092-defensive-prompt-discipline-is-now-part-of-the-enterprise-control-fram.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 092: Defensive prompt discipline is now part of the enterprise control fram</image:title>
      <image:caption>Defensive prompt discipline is now part of the enterprise control framework. — Professor Kai London, CISO. Principle 92 of 300 on AI Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-093.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-093-output-validation-is-the-bridge-between-ai-usefulness-and-operational-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 093: Output validation is the bridge between AI usefulness and operational </image:title>
      <image:caption>Output validation is the bridge between AI usefulness and operational trust. — Professor Kai London, CISO. Principle 93 of 300 on AI Controls.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-094.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-094-vector-databases-hold-enterprise-memory-and-must-be-secured-as-critica.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 094: Vector databases hold enterprise memory and must be secured as critica</image:title>
      <image:caption>Vector databases hold enterprise memory and must be secured as critical assets. — Professor Kai London, CISO. Principle 94 of 300 on AI / Data Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-095.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-095-ai-red-teaming-must-evolve-at-the-pace-of-the-systems-it-tests.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 095: AI red-teaming must evolve at the pace of the systems it tests.</image:title>
      <image:caption>AI red-teaming must evolve at the pace of the systems it tests. — Professor Kai London, CISO. Principle 95 of 300 on AI Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-096.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-096-data-poisoning-turns-ai-adoption-into-a-supply-chain-security-problem.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 096: Data poisoning turns AI adoption into a supply-chain security problem.</image:title>
      <image:caption>Data poisoning turns AI adoption into a supply-chain security problem. — Professor Kai London, CISO. Principle 96 of 300 on AI Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-097.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-097-algorithmic-transparency-is-a-market-advantage-when-systems-affect-peo.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 097: Algorithmic transparency is a market advantage when systems affect peo</image:title>
      <image:caption>Algorithmic transparency is a market advantage when systems affect people. — Professor Kai London, CISO. Principle 97 of 300 on AI Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-098.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-098-responsible-ai-is-not-brand-decoration-it-is-operational-eligibility.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 098: Responsible AI is not brand decoration; it is operational eligibility.</image:title>
      <image:caption>Responsible AI is not brand decoration; it is operational eligibility. — Professor Kai London, CISO. Principle 98 of 300 on AI Ethics.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-099.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-099-ai-assurance-should-be-designed-before-ai-scale-is-achieved.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 099: AI assurance should be designed before AI scale is achieved.</image:title>
      <image:caption>AI assurance should be designed before AI scale is achieved. — Professor Kai London, CISO. Principle 99 of 300 on AI Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-100.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-100-agentic-ai-needs-delegated-authority-but-never-delegated-accountabilit.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 100: Agentic AI needs delegated authority, but never delegated accountabili</image:title>
      <image:caption>Agentic AI needs delegated authority, but never delegated accountability. — Professor Kai London, CISO. Principle 100 of 300 on Agentic AI.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-101.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-101-ot-security-protects-continuity-safety-and-trust-not-just-networks.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 101: OT security protects continuity, safety and trust, not just networks.</image:title>
      <image:caption>OT security protects continuity, safety and trust, not just networks. — Professor Kai London, CISO. Principle 101 of 300 on OT Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-102.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-102-in-ot-security-must-protect-operations-without-disrupting-them.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 102: In OT, security must protect operations without disrupting them.</image:title>
      <image:caption>In OT, security must protect operations without disrupting them. — Professor Kai London, CISO. Principle 102 of 300 on OT Resilience.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-103.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-103-critical-systems-need-security-that-understands-consequence-not-only-c.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 103: Critical systems need security that understands consequence, not only </image:title>
      <image:caption>Critical systems need security that understands consequence, not only configuration. — Professor Kai London, CISO. Principle 103 of 300 on Critical Infrastructure.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-104.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-104-in-it-downtime-disrupts-service-in-ot-failure-can-affect-safety.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 104: In IT, downtime disrupts service; in OT, failure can affect safety.</image:title>
      <image:caption>In IT, downtime disrupts service; in OT, failure can affect safety. — Professor Kai London, CISO. Principle 104 of 300 on OT Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-105.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-105-availability-is-the-first-language-of-the-plant-floor.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 105: Availability is the first language of the plant floor.</image:title>
      <image:caption>Availability is the first language of the plant floor. — Professor Kai London, CISO. Principle 105 of 300 on OT Priorities.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-106.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-106-the-gap-between-it-and-ot-is-where-attackers-look-for-bridges.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 106: The gap between IT and OT is where attackers look for bridges.</image:title>
      <image:caption>The gap between IT and OT is where attackers look for bridges. — Professor Kai London, CISO. Principle 106 of 300 on IT / OT Convergence.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-107.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-107-safety-systems-and-security-systems-must-not-conflict-during-an-incide.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 107: Safety systems and security systems must not conflict during an incide</image:title>
      <image:caption>Safety systems and security systems must not conflict during an incident. — Professor Kai London, CISO. Principle 107 of 300 on Safety / Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-108.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-108-legacy-is-not-an-excuse-it-is-a-risk-with-an-owner-and-a-plan.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 108: Legacy is not an excuse; it is a risk with an owner and a plan.</image:title>
      <image:caption>Legacy is not an excuse; it is a risk with an owner and a plan. — Professor Kai London, CISO. Principle 108 of 300 on OT Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-109.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-109-plant-floor-visibility-is-stewardship-not-surveillance.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 109: Plant-floor visibility is stewardship, not surveillance.</image:title>
      <image:caption>Plant-floor visibility is stewardship, not surveillance. — Professor Kai London, CISO. Principle 109 of 300 on OT Monitoring.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-110.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-110-remote-access-into-ot-must-be-treated-as-a-critical-control-path.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 110: Remote access into OT must be treated as a critical control path.</image:title>
      <image:caption>Remote access into OT must be treated as a critical control path. — Professor Kai London, CISO. Principle 110 of 300 on OT Access.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-111.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-111-the-engineer-who-keeps-the-line-running-is-one-of-the-strongest-securi.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 111: The engineer who keeps the line running is one of the strongest securi</image:title>
      <image:caption>The engineer who keeps the line running is one of the strongest security controls. — Professor Kai London, CISO. Principle 111 of 300 on OT Culture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-112.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-112-uptime-and-security-are-not-opponents-separating-them-weakens-both.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 112: Uptime and security are not opponents; separating them weakens both.</image:title>
      <image:caption>Uptime and security are not opponents; separating them weakens both. — Professor Kai London, CISO. Principle 112 of 300 on OT Strategy.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-113.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-113-know-the-safe-state-before-an-incident-forces-the-question.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 113: Know the safe state before an incident forces the question.</image:title>
      <image:caption>Know the safe state before an incident forces the question. — Professor Kai London, CISO. Principle 113 of 300 on OT Safety.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-114.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-114-in-critical-infrastructure-resilience-is-a-public-duty-and-a-business-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 114: In critical infrastructure, resilience is a public duty and a business</image:title>
      <image:caption>In critical infrastructure, resilience is a public duty and a business responsibility. — Professor Kai London, CISO. Principle 114 of 300 on CNI.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-115.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-115-every-unverified-digital-input-in-ot-may-create-physical-world-consequ.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 115: Every unverified digital input in OT may create physical-world consequ</image:title>
      <image:caption>Every unverified digital input in OT may create physical-world consequence. — Professor Kai London, CISO. Principle 115 of 300 on OT / ICS.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-116.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-116-industrial-systems-need-behavioural-monitoring-based-on-process-realit.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 116: Industrial systems need behavioural monitoring based on process realit</image:title>
      <image:caption>Industrial systems need behavioural monitoring based on process reality. — Professor Kai London, CISO. Principle 116 of 300 on OT Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-117.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-117-an-air-gap-should-be-validated-as-a-control-not-assumed-as-a-comfort.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 117: An air gap should be validated as a control, not assumed as a comfort.</image:title>
      <image:caption>An air gap should be validated as a control, not assumed as a comfort. — Professor Kai London, CISO. Principle 117 of 300 on OT Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-118.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-118-legacy-scada-requires-compensating-controls-that-respect-operational-c.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 118: Legacy SCADA requires compensating controls that respect operational c</image:title>
      <image:caption>Legacy SCADA requires compensating controls that respect operational constraint. — Professor Kai London, CISO. Principle 118 of 300 on ICS Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-119.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-119-iot-security-must-include-certificate-lifecycle-renewal-and-retirement.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 119: IoT security must include certificate lifecycle, renewal and retiremen</image:title>
      <image:caption>IoT security must include certificate lifecycle, renewal and retirement planning. — Professor Kai London, CISO. Principle 119 of 300 on IoT Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-120.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-120-vendor-access-to-industrial-systems-must-be-governed-as-a-high-consequ.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 120: Vendor access to industrial systems must be governed as a high-consequ</image:title>
      <image:caption>Vendor access to industrial systems must be governed as a high-consequence pathway. — Professor Kai London, CISO. Principle 120 of 300 on OT Third-Party Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-121.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-121-it-and-ot-convergence-needs-one-risk-language-across-data-process-and-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 121: IT and OT convergence needs one risk language across data, process and</image:title>
      <image:caption>IT and OT convergence needs one risk language across data, process and physics. — Professor Kai London, CISO. Principle 121 of 300 on IT / OT Convergence.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-122.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-122-passive-visibility-is-often-the-safest-first-step-in-fragile-ot-enviro.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 122: Passive visibility is often the safest first step in fragile OT enviro</image:title>
      <image:caption>Passive visibility is often the safest first step in fragile OT environments. — Professor Kai London, CISO. Principle 122 of 300 on OT Monitoring.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-123.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-123-plc-security-matters-because-digital-compromise-can-become-physical-ac.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 123: PLC security matters because digital compromise can become physical ac</image:title>
      <image:caption>PLC security matters because digital compromise can become physical action. — Professor Kai London, CISO. Principle 123 of 300 on PLC Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-124.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-124-ot-incident-response-must-include-engineering-reality-not-only-it-proc.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 124: OT incident response must include engineering reality, not only IT pro</image:title>
      <image:caption>OT incident response must include engineering reality, not only IT procedure. — Professor Kai London, CISO. Principle 124 of 300 on OT IR.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-125.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-125-critical-infrastructure-defence-moves-at-the-speed-of-trust-between-op.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 125: Critical infrastructure defence moves at the speed of trust between op</image:title>
      <image:caption>Critical infrastructure defence moves at the speed of trust between operations and security. — Professor Kai London, CISO. Principle 125 of 300 on OT Culture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-126.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-126-third-party-risk-remains-first-party-accountability.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 126: Third-party risk remains first-party accountability.</image:title>
      <image:caption>Third-party risk remains first-party accountability. — Professor Kai London, CISO. Principle 126 of 300 on Supplier Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-127.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-127-a-supplier-s-weakest-control-can-become-your-strongest-regulatory-expo.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 127: A supplier&#x27;s weakest control can become your strongest regulatory expo</image:title>
      <image:caption>A supplier&#x27;s weakest control can become your strongest regulatory exposure. — Professor Kai London, CISO. Principle 127 of 300 on Vendor Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-128.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-128-work-can-be-outsourced-accountability-cannot.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 128: Work can be outsourced; accountability cannot.</image:title>
      <image:caption>Work can be outsourced; accountability cannot. — Professor Kai London, CISO. Principle 128 of 300 on Supply Chain.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-129.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-129-a-questionnaire-is-a-promise-evidence-is-the-proof.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 129: A questionnaire is a promise; evidence is the proof.</image:title>
      <image:caption>A questionnaire is a promise; evidence is the proof. — Professor Kai London, CISO. Principle 129 of 300 on Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-130.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-130-the-cloud-may-run-elsewhere-but-accountability-remains-with-the-busine.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 130: The cloud may run elsewhere, but accountability remains with the busin</image:title>
      <image:caption>The cloud may run elsewhere, but accountability remains with the business. — Professor Kai London, CISO. Principle 130 of 300 on Cloud Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-131.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-131-concentration-risk-is-the-quiet-cost-of-everyone-trusting-the-same-pro.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 131: Concentration risk is the quiet cost of everyone trusting the same pro</image:title>
      <image:caption>Concentration risk is the quiet cost of everyone trusting the same provider. — Professor Kai London, CISO. Principle 131 of 300 on Systemic Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-132.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-132-a-contract-without-security-obligations-signs-risk-in-advance.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 132: A contract without security obligations signs risk in advance.</image:title>
      <image:caption>A contract without security obligations signs risk in advance. — Professor Kai London, CISO. Principle 132 of 300 on Procurement.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-133.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-133-fourth-party-exposure-matters-because-risk-rarely-stops-at-the-first-s.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 133: Fourth-party exposure matters because risk rarely stops at the first s</image:title>
      <image:caption>Fourth-party exposure matters because risk rarely stops at the first supplier. — Professor Kai London, CISO. Principle 133 of 300 on Supply Chain.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-134.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-134-due-diligence-that-ends-at-signing-becomes-delayed-exposure.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 134: Due diligence that ends at signing becomes delayed exposure.</image:title>
      <image:caption>Due diligence that ends at signing becomes delayed exposure. — Professor Kai London, CISO. Principle 134 of 300 on Third-Party Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-135.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-135-a-good-exit-plan-is-part-of-a-good-supplier-strategy.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 135: A good exit plan is part of a good supplier strategy.</image:title>
      <image:caption>A good exit plan is part of a good supplier strategy. — Professor Kai London, CISO. Principle 135 of 300 on Resilience.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-136.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-136-supplier-assurance-should-make-risk-visible-before-signatures-are-exch.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 136: Supplier assurance should make risk visible before signatures are exch</image:title>
      <image:caption>Supplier assurance should make risk visible before signatures are exchanged. — Professor Kai London, CISO. Principle 136 of 300 on Vendor Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-137.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-137-a-vendor-relationship-is-secure-only-when-obligations-and-evidence-sta.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 137: A vendor relationship is secure only when obligations and evidence sta</image:title>
      <image:caption>A vendor relationship is secure only when obligations and evidence stay current. — Professor Kai London, CISO. Principle 137 of 300 on Third-Party Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-138.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-138-contract-security-clauses-matter-most-when-the-incident-starts.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 138: Contract security clauses matter most when the incident starts.</image:title>
      <image:caption>Contract security clauses matter most when the incident starts. — Professor Kai London, CISO. Principle 138 of 300 on Contract Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-139.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-139-third-party-code-becomes-first-party-risk-when-it-enters-the-product.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 139: Third-party code becomes first-party risk when it enters the product.</image:title>
      <image:caption>Third-party code becomes first-party risk when it enters the product. — Professor Kai London, CISO. Principle 139 of 300 on Software Supply Chain.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-140.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-140-supplier-resilience-must-be-assessed-against-the-services-the-business.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 140: Supplier resilience must be assessed against the services the business</image:title>
      <image:caption>Supplier resilience must be assessed against the services the business cannot afford to lose. — Professor Kai London, CISO. Principle 140 of 300 on Operational Risk.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-141.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-141-a-processor-register-is-only-useful-if-it-reflects-operational-reality.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 141: A processor register is only useful if it reflects operational reality</image:title>
      <image:caption>A processor register is only useful if it reflects operational reality. — Professor Kai London, CISO. Principle 141 of 300 on Privacy / Vendor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-142.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-142-supplier-risk-cannot-be-managed-by-annual-paperwork-alone.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 142: Supplier risk cannot be managed by annual paperwork alone.</image:title>
      <image:caption>Supplier risk cannot be managed by annual paperwork alone. — Professor Kai London, CISO. Principle 142 of 300 on TPRM.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-143.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-143-critical-vendors-deserve-evidence-reviews-not-reputation-based-trust.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 143: Critical vendors deserve evidence reviews, not reputation-based trust.</image:title>
      <image:caption>Critical vendors deserve evidence reviews, not reputation-based trust. — Professor Kai London, CISO. Principle 143 of 300 on Supplier Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-144.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-144-outsourcing-works-best-when-responsibility-lines-are-visible-before-fa.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 144: Outsourcing works best when responsibility lines are visible before fa</image:title>
      <image:caption>Outsourcing works best when responsibility lines are visible before failure. — Professor Kai London, CISO. Principle 144 of 300 on Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-145.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-145-the-safest-supplier-ecosystem-has-clear-ownership-tested-exits-and-cur.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 145: The safest supplier ecosystem has clear ownership, tested exits and cu</image:title>
      <image:caption>The safest supplier ecosystem has clear ownership, tested exits and current evidence. — Professor Kai London, CISO. Principle 145 of 300 on Supply Chain.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-146.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-146-privacy-engineering-belongs-in-design-architecture-and-code-before-leg.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 146: Privacy engineering belongs in design, architecture and code before le</image:title>
      <image:caption>Privacy engineering belongs in design, architecture and code before legal review. — Professor Kai London, CISO. Principle 146 of 300 on Privacy Engineering.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-147.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-147-data-sovereignty-turns-cloud-geography-into-a-governance-decision.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 147: Data sovereignty turns cloud geography into a governance decision.</image:title>
      <image:caption>Data sovereignty turns cloud geography into a governance decision. — Professor Kai London, CISO. Principle 147 of 300 on Data Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-148.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-148-consent-is-a-living-permission-model-not-a-static-checkbox.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 148: Consent is a living permission model, not a static checkbox.</image:title>
      <image:caption>Consent is a living permission model, not a static checkbox. — Professor Kai London, CISO. Principle 148 of 300 on Privacy.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-149.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-149-data-minimisation-reduces-risk-by-removing-what-the-attacker-cannot-st.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 149: Data minimisation reduces risk by removing what the attacker cannot st</image:title>
      <image:caption>Data minimisation reduces risk by removing what the attacker cannot steal. — Professor Kai London, CISO. Principle 149 of 300 on Data Protection.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-150.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-150-anonymisation-needs-mathematical-confidence-pseudonymisation-needs-dis.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 150: Anonymisation needs mathematical confidence; pseudonymisation needs di</image:title>
      <image:caption>Anonymisation needs mathematical confidence; pseudonymisation needs disciplined protection. — Professor Kai London, CISO. Principle 150 of 300 on Privacy Engineering.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-151.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-151-cross-border-data-flows-require-lifecycle-mapping-before-risk-can-be-m.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 151: Cross-border data flows require lifecycle mapping before risk can be m</image:title>
      <image:caption>Cross-border data flows require lifecycle mapping before risk can be managed. — Professor Kai London, CISO. Principle 151 of 300 on Data Transfers.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-152.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-152-a-privacy-notice-should-clarify-trust-not-hide-it-in-legal-complexity.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 152: A privacy notice should clarify trust, not hide it in legal complexity</image:title>
      <image:caption>A privacy notice should clarify trust, not hide it in legal complexity. — Professor Kai London, CISO. Principle 152 of 300 on Transparency.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-153.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-153-biometric-data-deserves-exceptional-protection-because-it-cannot-be-re.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 153: Biometric data deserves exceptional protection because it cannot be re</image:title>
      <image:caption>Biometric data deserves exceptional protection because it cannot be reset like a password. — Professor Kai London, CISO. Principle 153 of 300 on Data Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-154.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-154-erasure-rights-require-architecture-that-can-find-isolate-and-remove-d.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 154: Erasure rights require architecture that can find, isolate and remove </image:title>
      <image:caption>Erasure rights require architecture that can find, isolate and remove data. — Professor Kai London, CISO. Principle 154 of 300 on GDPR / Lifecycle.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-155.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-155-reputational-damage-often-lasts-longer-than-the-regulatory-fine.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 155: Reputational damage often lasts longer than the regulatory fine.</image:title>
      <image:caption>Reputational damage often lasts longer than the regulatory fine. — Professor Kai London, CISO. Principle 155 of 300 on Reputation.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-156.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-156-a-data-map-is-not-paperwork-it-is-the-enterprise-trust-map.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 156: A data map is not paperwork; it is the enterprise trust map.</image:title>
      <image:caption>A data map is not paperwork; it is the enterprise trust map. — Professor Kai London, CISO. Principle 156 of 300 on Data Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-157.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-157-the-business-cannot-protect-data-it-cannot-locate-classify-or-explain.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 157: The business cannot protect data it cannot locate, classify or explain</image:title>
      <image:caption>The business cannot protect data it cannot locate, classify or explain. — Professor Kai London, CISO. Principle 157 of 300 on Data Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-158.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-158-data-retention-without-purpose-is-liability-in-storage.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 158: Data retention without purpose is liability in storage.</image:title>
      <image:caption>Data retention without purpose is liability in storage. — Professor Kai London, CISO. Principle 158 of 300 on Retention.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-159.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-159-deletion-is-not-an-it-chore-it-is-a-trust-promise-fulfilled.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 159: Deletion is not an IT chore; it is a trust promise fulfilled.</image:title>
      <image:caption>Deletion is not an IT chore; it is a trust promise fulfilled. — Professor Kai London, CISO. Principle 159 of 300 on Erasure.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-160.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-160-a-dsar-is-a-stress-test-of-the-data-estate.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 160: A DSAR is a stress test of the data estate.</image:title>
      <image:caption>A DSAR is a stress test of the data estate. — Professor Kai London, CISO. Principle 160 of 300 on DSAR.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-161.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-161-if-data-cannot-be-found-for-the-individual-it-cannot-be-protected-for-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 161: If data cannot be found for the individual, it cannot be protected for</image:title>
      <image:caption>If data cannot be found for the individual, it cannot be protected for the enterprise. — Professor Kai London, CISO. Principle 161 of 300 on DSAR / Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-162.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-162-every-dsar-reveals-where-data-governance-is-strong-or-fragile.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 162: Every DSAR reveals where data governance is strong or fragile.</image:title>
      <image:caption>Every DSAR reveals where data governance is strong or fragile. — Professor Kai London, CISO. Principle 162 of 300 on DSAR.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-163.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-163-privacy-by-design-means-governance-enters-before-launch-not-after-comp.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 163: Privacy by design means governance enters before launch, not after com</image:title>
      <image:caption>Privacy by design means governance enters before launch, not after complaint. — Professor Kai London, CISO. Principle 163 of 300 on Privacy by Design.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-164.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-164-product-design-can-create-regulatory-exposure-faster-than-legal-can-re.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 164: Product design can create regulatory exposure faster than legal can re</image:title>
      <image:caption>Product design can create regulatory exposure faster than legal can repair it. — Professor Kai London, CISO. Principle 164 of 300 on UX / Privacy.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-165.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-165-when-refusal-is-harder-than-acceptance-consent-is-already-weakened.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 165: When refusal is harder than acceptance, consent is already weakened.</image:title>
      <image:caption>When refusal is harder than acceptance, consent is already weakened. — Professor Kai London, CISO. Principle 165 of 300 on Consent.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-166.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-166-children-s-data-turns-compliance-weakness-into-public-trust-risk.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 166: Children&#x27;s data turns compliance weakness into public trust risk.</image:title>
      <image:caption>Children&#x27;s data turns compliance weakness into public trust risk. — Professor Kai London, CISO. Principle 166 of 300 on Children&#x27;s Privacy.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-167.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-167-age-assurance-is-a-risk-based-control-not-a-decorative-pop-up.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 167: Age assurance is a risk-based control, not a decorative pop-up.</image:title>
      <image:caption>Age assurance is a risk-based control, not a decorative pop-up. — Professor Kai London, CISO. Principle 167 of 300 on Age Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-168.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-168-employee-monitoring-requires-lawful-purpose-proportionality-and-trust-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 168: Employee monitoring requires lawful purpose, proportionality and trust</image:title>
      <image:caption>Employee monitoring requires lawful purpose, proportionality and trust-aware governance. — Professor Kai London, CISO. Principle 168 of 300 on Workplace Privacy.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-169.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-169-financial-services-privacy-risk-is-multiplied-by-operational-resilienc.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 169: Financial-services privacy risk is multiplied by operational resilienc</image:title>
      <image:caption>Financial-services privacy risk is multiplied by operational resilience obligations. — Professor Kai London, CISO. Principle 169 of 300 on Financial Services.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-170.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-170-healthcare-privacy-failures-carry-legal-ethical-and-human-consequences.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 170: Healthcare privacy failures carry legal, ethical and human consequence</image:title>
      <image:caption>Healthcare privacy failures carry legal, ethical and human consequences. — Professor Kai London, CISO. Principle 170 of 300 on Healthcare.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-171.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-171-cloud-security-is-shared-responsibility-plus-continuous-posture-manage.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 171: Cloud security is shared responsibility plus continuous posture manage</image:title>
      <image:caption>Cloud security is shared responsibility plus continuous posture management. — Professor Kai London, CISO. Principle 171 of 300 on Cloud Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-172.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-172-infrastructure-as-code-scales-resilience-or-risk-at-deployment-speed.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 172: Infrastructure-as-Code scales resilience or risk at deployment speed.</image:title>
      <image:caption>Infrastructure-as-Code scales resilience or risk at deployment speed. — Professor Kai London, CISO. Principle 172 of 300 on DevSecOps / Cloud.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-173.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-173-serverless-reduces-infrastructure-burden-while-increasing-service-leve.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 173: Serverless reduces infrastructure burden while increasing service-leve</image:title>
      <image:caption>Serverless reduces infrastructure burden while increasing service-level visibility needs. — Professor Kai London, CISO. Principle 173 of 300 on Cloud Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-174.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-174-apis-are-enterprise-nerve-paths-unprotected-endpoints-become-open-rout.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 174: APIs are enterprise nerve paths; unprotected endpoints become open rou</image:title>
      <image:caption>APIs are enterprise nerve paths; unprotected endpoints become open routes to value. — Professor Kai London, CISO. Principle 174 of 300 on API Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-175.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-175-cnapp-succeeds-when-code-to-cloud-visibility-improves-security-without.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 175: CNAPP succeeds when code-to-cloud visibility improves security without</image:title>
      <image:caption>CNAPP succeeds when code-to-cloud visibility improves security without slowing engineers. — Professor Kai London, CISO. Principle 175 of 300 on Cloud-Native Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-176.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-176-ephemeral-workloads-need-security-controls-that-move-at-ephemeral-spee.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 176: Ephemeral workloads need security controls that move at ephemeral spee</image:title>
      <image:caption>Ephemeral workloads need security controls that move at ephemeral speed. — Professor Kai London, CISO. Principle 176 of 300 on Cloud Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-177.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-177-multi-cloud-reduces-dependency-while-increasing-identity-visibility-an.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 177: Multi-cloud reduces dependency while increasing identity, visibility a</image:title>
      <image:caption>Multi-cloud reduces dependency while increasing identity, visibility and key-management complexity. — Professor Kai London, CISO. Principle 177 of 300 on Cloud Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-178.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-178-sensitive-data-discovery-is-half-the-battle-in-cloud-risk-management.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 178: Sensitive-data discovery is half the battle in cloud risk management.</image:title>
      <image:caption>Sensitive-data discovery is half the battle in cloud risk management. — Professor Kai London, CISO. Principle 178 of 300 on DSPM.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-179.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-179-cloud-misconfiguration-is-best-prevented-through-automated-checks-not-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 179: Cloud misconfiguration is best prevented through automated checks, not</image:title>
      <image:caption>Cloud misconfiguration is best prevented through automated checks, not manual hope. — Professor Kai London, CISO. Principle 179 of 300 on Cloud Compliance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-180.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-180-real-time-cloud-assurance-converts-uncertainty-into-operational-confid.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 180: Real-time cloud assurance converts uncertainty into operational confid</image:title>
      <image:caption>Real-time cloud assurance converts uncertainty into operational confidence. — Professor Kai London, CISO. Principle 180 of 300 on Cloud Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-181.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-181-a-secure-cloud-begins-with-ownership-configuration-monitoring-and-evid.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 181: A secure cloud begins with ownership, configuration, monitoring and ev</image:title>
      <image:caption>A secure cloud begins with ownership, configuration, monitoring and evidence. — Professor Kai London, CISO. Principle 181 of 300 on Cloud Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-182.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-182-identity-sprawl-is-the-hidden-tax-of-unmanaged-cloud-expansion.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 182: Identity sprawl is the hidden tax of unmanaged cloud expansion.</image:title>
      <image:caption>Identity sprawl is the hidden tax of unmanaged cloud expansion. — Professor Kai London, CISO. Principle 182 of 300 on Cloud IAM.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-183.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-183-every-api-needs-authentication-authorisation-monitoring-and-retirement.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 183: Every API needs authentication, authorisation, monitoring and retireme</image:title>
      <image:caption>Every API needs authentication, authorisation, monitoring and retirement discipline. — Professor Kai London, CISO. Principle 183 of 300 on API Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-184.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-184-cloud-resilience-fails-when-backups-keys-and-identities-share-the-same.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 184: Cloud resilience fails when backups, keys and identities share the sam</image:title>
      <image:caption>Cloud resilience fails when backups, keys and identities share the same blast radius. — Professor Kai London, CISO. Principle 184 of 300 on Cloud Resilience.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-185.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-185-cloud-control-must-be-embedded-into-pipelines-not-inspected-after-depl.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 185: Cloud control must be embedded into pipelines, not inspected after dep</image:title>
      <image:caption>Cloud control must be embedded into pipelines, not inspected after deployment. — Professor Kai London, CISO. Principle 185 of 300 on DevSecOps.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-186.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-186-cryptographic-agility-must-begin-before-quantum-risk-becomes-operation.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 186: Cryptographic agility must begin before quantum risk becomes operation</image:title>
      <image:caption>Cryptographic agility must begin before quantum risk becomes operational reality. — Professor Kai London, CISO. Principle 186 of 300 on Quantum / Crypto.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-187.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-187-harvest-now-decrypt-later-makes-today-s-encrypted-exposure-tomorrow-s-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 187: Harvest-now-decrypt-later makes today&#x27;s encrypted exposure tomorrow&#x27;s </image:title>
      <image:caption>Harvest-now-decrypt-later makes today&#x27;s encrypted exposure tomorrow&#x27;s disclosure risk. — Professor Kai London, CISO. Principle 187 of 300 on Quantum Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-188.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-188-key-rotation-should-be-an-automated-health-function-not-a-manual-after.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 188: Key rotation should be an automated health function, not a manual afte</image:title>
      <image:caption>Key rotation should be an automated health function, not a manual afterthought. — Professor Kai London, CISO. Principle 188 of 300 on Key Management.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-189.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-189-post-quantum-planning-must-include-firmware-devices-applications-and-s.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 189: Post-quantum planning must include firmware, devices, applications and</image:title>
      <image:caption>Post-quantum planning must include firmware, devices, applications and suppliers. — Professor Kai London, CISO. Principle 189 of 300 on PQC.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-190.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-190-privacy-preserving-analytics-should-unlock-insight-without-exposing-ra.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 190: Privacy-preserving analytics should unlock insight without exposing ra</image:title>
      <image:caption>Privacy-preserving analytics should unlock insight without exposing raw data. — Professor Kai London, CISO. Principle 190 of 300 on Encryption / Analytics.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-191.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-191-strong-encryption-depends-on-strong-entropy-disciplined-keys-and-gover.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 191: Strong encryption depends on strong entropy, disciplined keys and gove</image:title>
      <image:caption>Strong encryption depends on strong entropy, disciplined keys and governed custody. — Professor Kai London, CISO. Principle 191 of 300 on Cryptography.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-192.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-192-customer-controlled-key-models-strengthen-cloud-trust-when-implemented.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 192: Customer-controlled key models strengthen cloud trust when implemented</image:title>
      <image:caption>Customer-controlled key models strengthen cloud trust when implemented with discipline. — Professor Kai London, CISO. Principle 192 of 300 on BYOK / HYOK.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-193.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-193-internal-traffic-needs-cryptographic-protection-because-trusted-networ.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 193: Internal traffic needs cryptographic protection because trusted networ</image:title>
      <image:caption>Internal traffic needs cryptographic protection because trusted networks no longer exist. — Professor Kai London, CISO. Principle 193 of 300 on Network Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-194.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-194-digital-certificates-are-trust-passports-expiry-failure-can-become-ent.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 194: Digital certificates are trust passports; expiry failure can become en</image:title>
      <image:caption>Digital certificates are trust passports; expiry failure can become enterprise outage. — Professor Kai London, CISO. Principle 194 of 300 on Certificate Management.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-195.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-195-a-cryptographic-key-is-only-as-secure-as-the-environment-protecting-it.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 195: A cryptographic key is only as secure as the environment protecting it</image:title>
      <image:caption>A cryptographic key is only as secure as the environment protecting it. — Professor Kai London, CISO. Principle 195 of 300 on HSM / KMS.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-196.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-196-crypto-inventory-is-the-first-step-toward-post-quantum-readiness.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 196: Crypto inventory is the first step toward post-quantum readiness.</image:title>
      <image:caption>Crypto inventory is the first step toward post-quantum readiness. — Professor Kai London, CISO. Principle 196 of 300 on PQC Planning.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-197.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-197-key-ownership-must-be-clear-before-key-compromise-becomes-a-business-c.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 197: Key ownership must be clear before key compromise becomes a business c</image:title>
      <image:caption>Key ownership must be clear before key compromise becomes a business crisis. — Professor Kai London, CISO. Principle 197 of 300 on Key Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-198.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-198-certificate-lifecycle-management-is-resilience-work-disguised-as-admin.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 198: Certificate lifecycle management is resilience work disguised as admin</image:title>
      <image:caption>Certificate lifecycle management is resilience work disguised as administration. — Professor Kai London, CISO. Principle 198 of 300 on Certificate Ops.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-199.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-199-encryption-strategy-must-cover-data-at-rest-in-motion-in-use-and-in-ev.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 199: Encryption strategy must cover data at rest, in motion, in use and in </image:title>
      <image:caption>Encryption strategy must cover data at rest, in motion, in use and in evidence. — Professor Kai London, CISO. Principle 199 of 300 on Data Protection.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-200.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-200-the-strongest-cryptography-still-fails-under-weak-process-and-poor-cus.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 200: The strongest cryptography still fails under weak process and poor cus</image:title>
      <image:caption>The strongest cryptography still fails under weak process and poor custody. — Professor Kai London, CISO. Principle 200 of 300 on Crypto Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-201.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-201-devsecops-works-when-security-becomes-an-engineering-habit-not-a-relea.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 201: DevSecOps works when security becomes an engineering habit, not a rele</image:title>
      <image:caption>DevSecOps works when security becomes an engineering habit, not a release delay. — Professor Kai London, CISO. Principle 201 of 300 on DevSecOps.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-202.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-202-shift-left-succeeds-only-when-developers-receive-actionable-remediatio.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 202: Shift-left succeeds only when developers receive actionable remediatio</image:title>
      <image:caption>Shift-left succeeds only when developers receive actionable remediation. — Professor Kai London, CISO. Principle 202 of 300 on DevSecOps.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-203.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-203-an-sbom-is-the-digital-product-label-every-secure-enterprise-needs.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 203: An SBOM is the digital product label every secure enterprise needs.</image:title>
      <image:caption>An SBOM is the digital product label every secure enterprise needs. — Professor Kai London, CISO. Principle 203 of 300 on Software Supply Chain.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-204.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-204-open-source-dependencies-carry-inherited-exposure-and-must-be-governed.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 204: Open-source dependencies carry inherited exposure and must be governed</image:title>
      <image:caption>Open-source dependencies carry inherited exposure and must be governed accordingly. — Professor Kai London, CISO. Principle 204 of 300 on AppSec.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-205.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-205-hardcoded-secrets-turn-source-code-into-an-access-path.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 205: Hardcoded secrets turn source code into an access path.</image:title>
      <image:caption>Hardcoded secrets turn source code into an access path. — Professor Kai London, CISO. Principle 205 of 300 on DevSecOps.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-206.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-206-security-champions-convert-security-from-a-gate-into-an-engineering-cu.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 206: Security champions convert security from a gate into an engineering cu</image:title>
      <image:caption>Security champions convert security from a gate into an engineering culture. — Professor Kai London, CISO. Principle 206 of 300 on Security Culture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-207.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-207-ci-cd-pipelines-are-crown-jewel-systems-because-they-shape-every-futur.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 207: CI/CD pipelines are crown-jewel systems because they shape every futur</image:title>
      <image:caption>CI/CD pipelines are crown-jewel systems because they shape every future release. — Professor Kai London, CISO. Principle 207 of 300 on Pipeline Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-208.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-208-immutable-infrastructure-reduces-persistence-by-making-change-traceabl.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 208: Immutable infrastructure reduces persistence by making change traceabl</image:title>
      <image:caption>Immutable infrastructure reduces persistence by making change traceable. — Professor Kai London, CISO. Principle 208 of 300 on Cloud / DevSecOps.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-209.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-209-vulnerability-chaining-shows-how-small-weaknesses-combine-into-serious.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 209: Vulnerability chaining shows how small weaknesses combine into serious</image:title>
      <image:caption>Vulnerability chaining shows how small weaknesses combine into serious exposure. — Professor Kai London, CISO. Principle 209 of 300 on AppSec.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-210.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-210-release-velocity-and-security-posture-improve-together-when-automation.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 210: Release velocity and security posture improve together when automation</image:title>
      <image:caption>Release velocity and security posture improve together when automation is designed well. — Professor Kai London, CISO. Principle 210 of 300 on DevSecOps.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-211.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-211-secure-sdlc-is-strongest-when-threat-modelling-happens-before-code-har.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 211: Secure SDLC is strongest when threat modelling happens before code har</image:title>
      <image:caption>Secure SDLC is strongest when threat modelling happens before code hardens into cost. — Professor Kai London, CISO. Principle 211 of 300 on SDLC.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-212.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-212-static-findings-need-business-context-before-they-become-engineering-p.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 212: Static findings need business context before they become engineering p</image:title>
      <image:caption>Static findings need business context before they become engineering priorities. — Professor Kai London, CISO. Principle 212 of 300 on AppSec.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-213.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-213-secrets-management-is-not-a-tool-purchase-it-is-a-custody-discipline.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 213: Secrets management is not a tool purchase; it is a custody discipline.</image:title>
      <image:caption>Secrets management is not a tool purchase; it is a custody discipline. — Professor Kai London, CISO. Principle 213 of 300 on DevSecOps.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-214.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-214-pipeline-access-should-be-governed-like-production-access.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 214: Pipeline access should be governed like production access.</image:title>
      <image:caption>Pipeline access should be governed like production access. — Professor Kai London, CISO. Principle 214 of 300 on CI/CD Security.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-215.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-215-secure-release-management-is-evidence-led-change-control-at-engineerin.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 215: Secure release management is evidence-led change control at engineerin</image:title>
      <image:caption>Secure release management is evidence-led change control at engineering speed. — Professor Kai London, CISO. Principle 215 of 300 on DevSecOps / GRC.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-216.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-216-compliance-shows-regulatory-awareness-threat-hunting-shows-adversary-a.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 216: Compliance shows regulatory awareness; threat hunting shows adversary </image:title>
      <image:caption>Compliance shows regulatory awareness; threat hunting shows adversary awareness. — Professor Kai London, CISO. Principle 216 of 300 on Threat Intelligence.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-217.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-217-behavioural-indicators-reveal-intent-where-static-indicators-reveal-hi.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 217: Behavioural indicators reveal intent where static indicators reveal hi</image:title>
      <image:caption>Behavioural indicators reveal intent where static indicators reveal history. — Professor Kai London, CISO. Principle 217 of 300 on Detection.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-218.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-218-threat-intelligence-becomes-valuable-only-when-relevant-to-sector-asse.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 218: Threat intelligence becomes valuable only when relevant to sector, ass</image:title>
      <image:caption>Threat intelligence becomes valuable only when relevant to sector, assets and exposure. — Professor Kai London, CISO. Principle 218 of 300 on Threat Intel.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-219.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-219-deception-controls-shift-advantage-by-making-attackers-reveal-themselv.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 219: Deception controls shift advantage by making attackers reveal themselv</image:title>
      <image:caption>Deception controls shift advantage by making attackers reveal themselves early. — Professor Kai London, CISO. Principle 219 of 300 on Deception Technology.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-220.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-220-attack-surface-management-requires-continuous-curiosity-about-how-the-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 220: Attack surface management requires continuous curiosity about how the </image:title>
      <image:caption>Attack surface management requires continuous curiosity about how the enterprise appears externally. — Professor Kai London, CISO. Principle 220 of 300 on ASM.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-221.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-221-exposure-markets-turn-yesterday-s-leakage-into-tomorrow-s-intrusion-pa.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 221: Exposure markets turn yesterday&#x27;s leakage into tomorrow&#x27;s intrusion pa</image:title>
      <image:caption>Exposure markets turn yesterday&#x27;s leakage into tomorrow&#x27;s intrusion path. — Professor Kai London, CISO. Principle 221 of 300 on Threat Intel.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-222.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-222-mean-time-to-detect-often-decides-whether-an-incident-stays-contained-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 222: Mean time to detect often decides whether an incident stays contained </image:title>
      <image:caption>Mean time to detect often decides whether an incident stays contained or becomes public. — Professor Kai London, CISO. Principle 222 of 300 on SOC Metrics.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-223.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-223-soc-automation-should-reduce-fatigue-while-preserving-human-judgement.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 223: SOC automation should reduce fatigue while preserving human judgement.</image:title>
      <image:caption>SOC automation should reduce fatigue while preserving human judgement. — Professor Kai London, CISO. Principle 223 of 300 on SOC Automation.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-224.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-224-adversaries-exploit-seams-between-tools-integration-closes-those-seams.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 224: Adversaries exploit seams between tools; integration closes those seam</image:title>
      <image:caption>Adversaries exploit seams between tools; integration closes those seams. — Professor Kai London, CISO. Principle 224 of 300 on Security Architecture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-225.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-225-proactive-defence-needs-mapped-behaviours-not-improvised-guesses-durin.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 225: Proactive defence needs mapped behaviours, not improvised guesses duri</image:title>
      <image:caption>Proactive defence needs mapped behaviours, not improvised guesses during intrusion. — Professor Kai London, CISO. Principle 225 of 300 on MITRE ATT&amp;CK.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-226.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-226-threat-hunting-begins-where-dashboards-stop-answering-the-hard-questio.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 226: Threat hunting begins where dashboards stop answering the hard questio</image:title>
      <image:caption>Threat hunting begins where dashboards stop answering the hard question. — Professor Kai London, CISO. Principle 226 of 300 on Threat Hunting.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-227.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-227-intelligence-without-action-is-research-not-defence.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 227: Intelligence without action is research, not defence.</image:title>
      <image:caption>Intelligence without action is research, not defence. — Professor Kai London, CISO. Principle 227 of 300 on Threat Intel.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-228.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-228-detection-engineering-should-turn-known-attacker-behaviour-into-repeat.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 228: Detection engineering should turn known attacker behaviour into repeat</image:title>
      <image:caption>Detection engineering should turn known attacker behaviour into repeatable control logic. — Professor Kai London, CISO. Principle 228 of 300 on Detection Engineering.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-229.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-229-the-best-soc-measures-confidence-context-and-containment-not-alert-vol.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 229: The best SOC measures confidence, context and containment, not alert v</image:title>
      <image:caption>The best SOC measures confidence, context and containment, not alert volume. — Professor Kai London, CISO. Principle 229 of 300 on SOC Metrics.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-230.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-230-attack-paths-must-be-prioritised-by-consequence-not-curiosity-alone.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 230: Attack paths must be prioritised by consequence, not curiosity alone.</image:title>
      <image:caption>Attack paths must be prioritised by consequence, not curiosity alone. — Professor Kai London, CISO. Principle 230 of 300 on Exposure Management.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-231.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-231-cyber-resilience-is-measured-by-continuity-during-the-attacks-that-get.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 231: Cyber resilience is measured by continuity during the attacks that get</image:title>
      <image:caption>Cyber resilience is measured by continuity during the attacks that get through. — Professor Kai London, CISO. Principle 231 of 300 on Incident Response.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-232.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-232-automated-response-needs-deterministic-guardrails-before-acting-at-ent.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 232: Automated response needs deterministic guardrails before acting at ent</image:title>
      <image:caption>Automated response needs deterministic guardrails before acting at enterprise speed. — Professor Kai London, CISO. Principle 232 of 300 on SOAR / IR.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-233.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-233-ransomware-resilience-is-strongest-when-recovery-makes-extortion-less-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 233: Ransomware resilience is strongest when recovery makes extortion less </image:title>
      <image:caption>Ransomware resilience is strongest when recovery makes extortion less powerful. — Professor Kai London, CISO. Principle 233 of 300 on Ransomware.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-234.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-234-backups-must-not-share-the-same-trust-plane-as-the-compromised-environ.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 234: Backups must not share the same trust plane as the compromised environ</image:title>
      <image:caption>Backups must not share the same trust plane as the compromised environment. — Professor Kai London, CISO. Principle 234 of 300 on Recovery.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-235.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-235-tabletop-exercises-should-include-lost-communications-leadership-press.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 235: Tabletop exercises should include lost communications, leadership pres</image:title>
      <image:caption>Tabletop exercises should include lost communications, leadership pressure and incomplete facts. — Professor Kai London, CISO. Principle 235 of 300 on Crisis Simulation.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-236.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-236-legal-privilege-in-incident-response-must-be-considered-at-the-start.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 236: Legal privilege in incident response must be considered at the start.</image:title>
      <image:caption>Legal privilege in incident response must be considered at the start. — Professor Kai London, CISO. Principle 236 of 300 on Legal / IR.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-237.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-237-breach-communication-needs-one-source-of-technical-truth.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 237: Breach communication needs one source of technical truth.</image:title>
      <image:caption>Breach communication needs one source of technical truth. — Professor Kai London, CISO. Principle 237 of 300 on Crisis Comms.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-238.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-238-forensics-depends-on-chain-of-custody-because-evidence-must-survive-sc.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 238: Forensics depends on chain of custody because evidence must survive sc</image:title>
      <image:caption>Forensics depends on chain of custody because evidence must survive scrutiny. — Professor Kai London, CISO. Principle 238 of 300 on Digital Forensics.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-239.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-239-breach-cost-includes-recovery-confidence-trust-and-future-opportunity.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 239: Breach cost includes recovery, confidence, trust and future opportunit</image:title>
      <image:caption>Breach cost includes recovery, confidence, trust and future opportunity. — Professor Kai London, CISO. Principle 239 of 300 on Business Impact.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-240.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-240-post-incident-review-should-be-blameless-precise-and-focused-on-archit.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 240: Post-incident review should be blameless, precise and focused on archi</image:title>
      <image:caption>Post-incident review should be blameless, precise and focused on architectural improvement. — Professor Kai London, CISO. Principle 240 of 300 on Lessons Learned.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-241.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-241-the-incident-room-should-not-be-the-first-place-roles-are-understood.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 241: The incident room should not be the first place roles are understood.</image:title>
      <image:caption>The incident room should not be the first place roles are understood. — Professor Kai London, CISO. Principle 241 of 300 on IR Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-242.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-242-the-first-hour-of-an-incident-should-follow-a-rehearsed-path.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 242: The first hour of an incident should follow a rehearsed path.</image:title>
      <image:caption>The first hour of an incident should follow a rehearsed path. — Professor Kai London, CISO. Principle 242 of 300 on IR Readiness.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-243.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-243-a-good-response-protects-people-operations-evidence-and-reputation.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 243: A good response protects people, operations, evidence and reputation.</image:title>
      <image:caption>A good response protects people, operations, evidence and reputation. — Professor Kai London, CISO. Principle 243 of 300 on Crisis Management.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-244.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-244-reputation-is-protected-by-preparation-not-statements.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 244: Reputation is protected by preparation, not statements.</image:title>
      <image:caption>Reputation is protected by preparation, not statements. — Professor Kai London, CISO. Principle 244 of 300 on Crisis Comms.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-245.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-245-speed-matters-in-crisis-but-accuracy-protects-credibility.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 245: Speed matters in crisis, but accuracy protects credibility.</image:title>
      <image:caption>Speed matters in crisis, but accuracy protects credibility. — Professor Kai London, CISO. Principle 245 of 300 on Incident Response.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-246.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-246-the-best-incident-simulation-exposes-weakness-without-creating-blame.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 246: The best incident simulation exposes weakness without creating blame.</image:title>
      <image:caption>The best incident simulation exposes weakness without creating blame. — Professor Kai London, CISO. Principle 246 of 300 on Tabletop Exercise.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-247.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-247-crisis-leadership-is-calm-factual-and-evidence-led.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 247: Crisis leadership is calm, factual and evidence-led.</image:title>
      <image:caption>Crisis leadership is calm, factual and evidence-led. — Professor Kai London, CISO. Principle 247 of 300 on Crisis Leadership.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-248.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-248-cyber-resilience-is-strongest-when-legal-security-operations-and-commu.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 248: Cyber resilience is strongest when legal, security, operations and com</image:title>
      <image:caption>Cyber resilience is strongest when legal, security, operations and communications move together. — Professor Kai London, CISO. Principle 248 of 300 on War Room.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-249.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-249-a-crisis-plan-is-useful-only-when-people-have-practised-using-it.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 249: A crisis plan is useful only when people have practised using it.</image:title>
      <image:caption>A crisis plan is useful only when people have practised using it. — Professor Kai London, CISO. Principle 249 of 300 on Preparedness.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-250.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-250-incident-evidence-should-be-preserved-as-carefully-as-systems-are-rest.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 250: Incident evidence should be preserved as carefully as systems are rest</image:title>
      <image:caption>Incident evidence should be preserved as carefully as systems are restored. — Professor Kai London, CISO. Principle 250 of 300 on Forensics / GRC.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-251.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-251-regulatory-readiness-is-the-ability-to-answer-hard-questions-with-curr.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 251: Regulatory readiness is the ability to answer hard questions with curr</image:title>
      <image:caption>Regulatory readiness is the ability to answer hard questions with current evidence. — Professor Kai London, CISO. Principle 251 of 300 on Regulatory.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-252.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-252-evidence-is-the-new-compliance-assumption-is-the-new-liability.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 252: Evidence is the new compliance; assumption is the new liability.</image:title>
      <image:caption>Evidence is the new compliance; assumption is the new liability. — Professor Kai London, CISO. Principle 252 of 300 on GRC.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-253.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-253-a-regulator-ready-enterprise-builds-the-evidence-pack-before-the-reque.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 253: A regulator-ready enterprise builds the evidence pack before the reque</image:title>
      <image:caption>A regulator-ready enterprise builds the evidence pack before the request arrives. — Professor Kai London, CISO. Principle 253 of 300 on Compliance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-254.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-254-board-minutes-can-become-protection-when-they-show-active-governance.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 254: Board minutes can become protection when they show active governance.</image:title>
      <image:caption>Board minutes can become protection when they show active governance. — Professor Kai London, CISO. Principle 254 of 300 on Board Evidence.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-255.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-255-risk-registers-matter-only-when-they-drive-decisions-owners-and-closur.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 255: Risk registers matter only when they drive decisions, owners and closu</image:title>
      <image:caption>Risk registers matter only when they drive decisions, owners and closure. — Professor Kai London, CISO. Principle 255 of 300 on Risk Management.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-256.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-256-continuous-controls-monitoring-turns-compliance-into-live-operating-in.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 256: Continuous controls monitoring turns compliance into live operating in</image:title>
      <image:caption>Continuous controls monitoring turns compliance into live operating intelligence. — Professor Kai London, CISO. Principle 256 of 300 on CCM.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-257.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-257-a-finding-is-not-closed-until-the-risk-is-reduced-and-the-evidence-is-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 257: A finding is not closed until the risk is reduced and the evidence is </image:title>
      <image:caption>A finding is not closed until the risk is reduced and the evidence is retrievable. — Professor Kai London, CISO. Principle 257 of 300 on Audit Remediation.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-258.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-258-governance-works-when-the-right-decision-becomes-repeatable-under-pres.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 258: Governance works when the right decision becomes repeatable under pres</image:title>
      <image:caption>Governance works when the right decision becomes repeatable under pressure. — Professor Kai London, CISO. Principle 258 of 300 on Operating Model.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-259.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-259-board-reporting-should-answer-what-changed-what-matters-and-what-needs.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 259: Board reporting should answer what changed, what matters and what need</image:title>
      <image:caption>Board reporting should answer what changed, what matters and what needs approval. — Professor Kai London, CISO. Principle 259 of 300 on Executive Reporting.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-260.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-260-regulatory-confidence-grows-when-documentation-predates-the-question.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 260: Regulatory confidence grows when documentation predates the question.</image:title>
      <image:caption>Regulatory confidence grows when documentation predates the question. — Professor Kai London, CISO. Principle 260 of 300 on Compliance Evidence.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-261.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-261-privacy-cyber-and-ai-governance-now-form-one-trust-discipline.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 261: Privacy, cyber and AI governance now form one trust discipline.</image:title>
      <image:caption>Privacy, cyber and AI governance now form one trust discipline. — Professor Kai London, CISO. Principle 261 of 300 on Integrated Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-262.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-262-a-risk-accepted-without-evidence-is-only-a-hope-with-a-signature.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 262: A risk accepted without evidence is only a hope with a signature.</image:title>
      <image:caption>A risk accepted without evidence is only a hope with a signature. — Professor Kai London, CISO. Principle 262 of 300 on Risk Acceptance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-263.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-263-audit-readiness-is-not-a-season-it-is-an-operating-habit.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 263: Audit readiness is not a season; it is an operating habit.</image:title>
      <image:caption>Audit readiness is not a season; it is an operating habit. — Professor Kai London, CISO. Principle 263 of 300 on Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-264.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-264-the-strongest-programmes-can-prove-not-only-what-they-did-but-why-they.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 264: The strongest programmes can prove not only what they did, but why the</image:title>
      <image:caption>The strongest programmes can prove not only what they did, but why they did it. — Professor Kai London, CISO. Principle 264 of 300 on Decision Evidence.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-265.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-265-documentation-is-powerful-when-it-reflects-real-control-not-decorative.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 265: Documentation is powerful when it reflects real control, not decorativ</image:title>
      <image:caption>Documentation is powerful when it reflects real control, not decorative compliance. — Professor Kai London, CISO. Principle 265 of 300 on GRC.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-266.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-266-executive-assurance-must-connect-risk-cost-control-and-consequence.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 266: Executive assurance must connect risk, cost, control and consequence.</image:title>
      <image:caption>Executive assurance must connect risk, cost, control and consequence. — Professor Kai London, CISO. Principle 266 of 300 on Board Assurance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-267.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-267-a-governance-committee-is-useful-only-when-it-changes-outcomes.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 267: A governance committee is useful only when it changes outcomes.</image:title>
      <image:caption>A governance committee is useful only when it changes outcomes. — Professor Kai London, CISO. Principle 267 of 300 on Governance.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-268.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-268-regulatory-survival-depends-on-clarity-before-inquiry-and-discipline-d.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 268: Regulatory survival depends on clarity before inquiry and discipline d</image:title>
      <image:caption>Regulatory survival depends on clarity before inquiry and discipline during inquiry. — Professor Kai London, CISO. Principle 268 of 300 on Regulatory Response.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-269.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-269-compliance-automation-should-remove-manual-fragility-not-obscure-respo.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 269: Compliance automation should remove manual fragility, not obscure resp</image:title>
      <image:caption>Compliance automation should remove manual fragility, not obscure responsibility. — Professor Kai London, CISO. Principle 269 of 300 on GRC Automation.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-270.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-270-evidence-led-delivery-wins-audits-renewals-and-trust.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 270: Evidence-led delivery wins audits, renewals and trust.</image:title>
      <image:caption>Evidence-led delivery wins audits, renewals and trust. — Professor Kai London, CISO. Principle 270 of 300 on Evidence / Consulting.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-271.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-271-security-culture-is-what-people-do-when-the-policy-is-not-watching.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 271: Security culture is what people do when the policy is not watching.</image:title>
      <image:caption>Security culture is what people do when the policy is not watching. — Professor Kai London, CISO. Principle 271 of 300 on Culture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-272.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-272-blame-teaches-people-to-hide-incidents-curiosity-teaches-them-to-repor.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 272: Blame teaches people to hide incidents; curiosity teaches them to repo</image:title>
      <image:caption>Blame teaches people to hide incidents; curiosity teaches them to report early. — Professor Kai London, CISO. Principle 272 of 300 on Culture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-273.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-273-awareness-training-that-bores-is-awareness-training-that-fails.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 273: Awareness training that bores is awareness training that fails.</image:title>
      <image:caption>Awareness training that bores is awareness training that fails. — Professor Kai London, CISO. Principle 273 of 300 on Human Factor.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-274.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-274-the-strongest-human-control-is-a-person-who-feels-safe-raising-a-conce.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 274: The strongest human control is a person who feels safe raising a conce</image:title>
      <image:caption>The strongest human control is a person who feels safe raising a concern. — Professor Kai London, CISO. Principle 274 of 300 on Culture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-275.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-275-a-ciso-s-job-is-not-to-say-no-faster-it-is-to-make-yes-safer.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 275: A CISO&#x27;s job is not to say no faster; it is to make yes safer.</image:title>
      <image:caption>A CISO&#x27;s job is not to say no faster; it is to make yes safer. — Professor Kai London, CISO. Principle 275 of 300 on Leadership.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-276.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-276-translate-risk-into-business-language-or-be-translated-out-of-the-deci.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 276: Translate risk into business language or be translated out of the deci</image:title>
      <image:caption>Translate risk into business language or be translated out of the decision room. — Professor Kai London, CISO. Principle 276 of 300 on Communication.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-277.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-277-security-is-led-best-when-everyone-else-feels-responsible-for-it.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 277: Security is led best when everyone else feels responsible for it.</image:title>
      <image:caption>Security is led best when everyone else feels responsible for it. — Professor Kai London, CISO. Principle 277 of 300 on Leadership.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-278.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-278-resilience-is-a-team-sport-heroism-is-usually-failure-seen-too-late.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 278: Resilience is a team sport; heroism is usually failure seen too late.</image:title>
      <image:caption>Resilience is a team sport; heroism is usually failure seen too late. — Professor Kai London, CISO. Principle 278 of 300 on Culture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-279.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-279-the-tabletop-nobody-enjoys-may-become-the-incident-everyone-survives.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 279: The tabletop nobody enjoys may become the incident everyone survives.</image:title>
      <image:caption>The tabletop nobody enjoys may become the incident everyone survives. — Professor Kai London, CISO. Principle 279 of 300 on Preparedness.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-280.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-280-clarity-under-pressure-is-built-before-pressure-arrives.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 280: Clarity under pressure is built before pressure arrives.</image:title>
      <image:caption>Clarity under pressure is built before pressure arrives. — Professor Kai London, CISO. Principle 280 of 300 on Crisis Leadership.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-281.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-281-hire-for-judgement-tools-can-be-taught-but-integrity-cannot-be-patched.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 281: Hire for judgement; tools can be taught, but integrity cannot be patch</image:title>
      <image:caption>Hire for judgement; tools can be taught, but integrity cannot be patched. — Professor Kai London, CISO. Principle 281 of 300 on Talent.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-282.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-282-every-security-decision-is-a-trust-decision-wearing-technical-clothing.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 282: Every security decision is a trust decision wearing technical clothing</image:title>
      <image:caption>Every security decision is a trust decision wearing technical clothing. — Professor Kai London, CISO. Principle 282 of 300 on Leadership.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-283.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-283-programme-maturity-is-measured-by-how-quietly-it-handles-a-bad-day.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 283: Programme maturity is measured by how quietly it handles a bad day.</image:title>
      <image:caption>Programme maturity is measured by how quietly it handles a bad day. — Professor Kai London, CISO. Principle 283 of 300 on Maturity.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-284.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-284-culture-improves-when-security-explains-the-why-not-just-the-rule.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 284: Culture improves when security explains the why, not just the rule.</image:title>
      <image:caption>Culture improves when security explains the why, not just the rule. — Professor Kai London, CISO. Principle 284 of 300 on Culture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-285.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-285-the-best-leaders-make-complex-risk-feel-manageable-without-making-it-s.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 285: The best leaders make complex risk feel manageable without making it s</image:title>
      <image:caption>The best leaders make complex risk feel manageable without making it seem small. — Professor Kai London, CISO. Principle 285 of 300 on Leadership.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-286.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-286-psychological-safety-is-an-incident-response-control.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 286: Psychological safety is an incident-response control.</image:title>
      <image:caption>Psychological safety is an incident-response control. — Professor Kai London, CISO. Principle 286 of 300 on Culture / IR.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-287.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-287-security-adoption-rises-when-people-see-protection-as-help-not-obstruc.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 287: Security adoption rises when people see protection as help, not obstru</image:title>
      <image:caption>Security adoption rises when people see protection as help, not obstruction. — Professor Kai London, CISO. Principle 287 of 300 on Security Culture.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-288.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-288-a-resilient-organisation-learns-faster-than-the-threat-adapts.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 288: A resilient organisation learns faster than the threat adapts.</image:title>
      <image:caption>A resilient organisation learns faster than the threat adapts. — Professor Kai London, CISO. Principle 288 of 300 on Resilience.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-289.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-289-leadership-is-the-ability-to-create-order-without-pretending-certainty.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 289: Leadership is the ability to create order without pretending certainty</image:title>
      <image:caption>Leadership is the ability to create order without pretending certainty exists. — Professor Kai London, CISO. Principle 289 of 300 on Executive Leadership.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-290.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-290-trust-compounds-when-competence-restraint-and-delivery-repeat.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 290: Trust compounds when competence, restraint and delivery repeat.</image:title>
      <image:caption>Trust compounds when competence, restraint and delivery repeat. — Professor Kai London, CISO. Principle 290 of 300 on Reputation.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-291.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-291-contract-value-increases-when-every-recommendation-is-practical-eviden.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 291: Contract value increases when every recommendation is practical, evide</image:title>
      <image:caption>Contract value increases when every recommendation is practical, evidenced and owned. — Professor Kai London, CISO. Principle 291 of 300 on Consulting Delivery.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-292.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-292-a-first-deliverable-should-create-confidence-not-dependency.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 292: A first deliverable should create confidence, not dependency.</image:title>
      <image:caption>A first deliverable should create confidence, not dependency. — Professor Kai London, CISO. Principle 292 of 300 on Advisory.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-293.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-293-the-client-remembers-the-consultant-who-made-the-problem-smaller.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 293: The client remembers the consultant who made the problem smaller.</image:title>
      <image:caption>The client remembers the consultant who made the problem smaller. — Professor Kai London, CISO. Principle 293 of 300 on Consulting.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-294.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-294-winning-work-starts-with-being-clear-to-understand-and-easy-to-trust.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 294: Winning work starts with being clear to understand and easy to trust.</image:title>
      <image:caption>Winning work starts with being clear to understand and easy to trust. — Professor Kai London, CISO. Principle 294 of 300 on Contract Readiness.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-295.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-295-the-sharper-the-positioning-the-easier-it-is-to-be-remembered.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 295: The sharper the positioning, the easier it is to be remembered.</image:title>
      <image:caption>The sharper the positioning, the easier it is to be remembered. — Professor Kai London, CISO. Principle 295 of 300 on Brand Positioning.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-296.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-296-useful-authority-is-built-by-proving-value-before-asking-for-attention.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 296: Useful authority is built by proving value before asking for attention</image:title>
      <image:caption>Useful authority is built by proving value before asking for attention. — Professor Kai London, CISO. Principle 296 of 300 on Thought Leadership.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-297.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-297-the-strongest-profile-combines-cyber-depth-ai-governance-ot-awareness-.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 297: The strongest profile combines cyber depth, AI governance, OT awarenes</image:title>
      <image:caption>The strongest profile combines cyber depth, AI governance, OT awareness and delivery proof. — Professor Kai London, CISO. Principle 297 of 300 on Personal Brand.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-298.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-298-professor-kai-london-stands-for-security-that-is-intelligent-practical.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 298: Professor Kai London stands for security that is intelligent, practica</image:title>
      <image:caption>Professor Kai London stands for security that is intelligent, practical and defensible. — Professor Kai London, CISO. Principle 298 of 300 on Brand Positioning.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-299.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-299-protect-trust-enable-resilience-and-deliver-value-with-evidence.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 299: Protect trust, enable resilience and deliver value with evidence.</image:title>
      <image:caption>Protect trust, enable resilience and deliver value with evidence. — Professor Kai London, CISO. Principle 299 of 300 on Signature Doctrine.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-300.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-300-trust-under-pressure-is-the-modern-measure-of-cyber-leadership.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 300: Trust under pressure is the modern measure of cyber leadership.</image:title>
      <image:caption>Trust under pressure is the modern measure of cyber leadership. — Professor Kai London, CISO. Principle 300 of 300 on Executive Doctrine.</image:caption>
    </image:image>
  </url>
  <url>
    <loc>https://professorkailondon.com/principles/set2/principle-020.html</loc>
    <image:image>
      <image:loc>https://professorkailondon.com/principles/set2/cards/professor-kai-london-cyber-security-principle-set2-020-security-maturity-is-not-what-is-written-it-is-what-can-be-demonstrate.png</image:loc>
      <image:title>Professor Kai London — Cyber Security Principle 020: Security maturity is not what is written; it is what can be demonstrat</image:title>
      <image:caption>Security maturity is not what is written; it is what can be demonstrated. — Professor Kai London, CISO. Principle 20 of 300 on Assurance.</image:caption>
    </image:image>
  </url>
</urlset>
