Merged
Expand Up @@ -12,15 +12,15 @@ In our past experience, my cofounder & I faced a harsh reality with compliance
tools:

- Basic functionality hidden behind a $10k paywall
- Rigid, one-size-fits-all solutions that are not tailored to your business
- Rigid, [one-size-fits-all solutions](/blog/2025-02-17-why-a-one-size-fit-all-solution-like-vanta-is-not-ideal) that are not tailored to your business
- No guidance, leaving you guessing what you actually need to do

That's why we are building Probo.

## The Compliance Tool Trap

When building a new product, you're juggling dozens of priorities. Then
suddenly, a customer asks for SOC 2 report.
suddenly, a customer asks for a [SOC 2](/blog/2025-10-28-what-is-soc2) report.

1. You will take a 30 minutes sales call to get a price indexed on how desperate
you are
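Review bot: The unchanged line "You will take a 30 minutes sales call" in this hunk reads as "a 30-minute sales call"; since the paragraph above it is already being touched, fix the hyphenation in the same commit. The added article in "asks for a [SOC 2](...) report" is a good catch, and the link on "one-size-fits-all solutions" is consistent with the slug it points to, but confirm that `/blog/2025-02-17-why-a-one-size-fit-all-solution-like-vanta-is-not-ideal` resolves, since the slug spells it "one-size-fit-all" while the anchor text says "one-size-fits-all".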
Expand Down Expand Up @@ -52,11 +52,11 @@ Here is our vision of how compliance should work:
integration is missing, feel free to build it and add it to the product. It
will save you time in the long run and benefit the whole community.

- **Pay only for actual value-added services, with transparent pricing:** You
- **Pay only for actual value-added services, with [transparent pricing](/pricing):** You
should be able to test the product before you buy. Our price will always be
fair, transparent and predictable.

<br />

If you’re aligned with our vision and would like to contribute, please reach
out!
If you’re aligned with our vision and would like to contribute, please [reach
out](/contact)!
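Review bot: The link text "[reach out](/contact)" is split across a line break ("[reach" / "out](/contact)"). CommonMark permits a soft break inside link text, so this renders, but some markdown linters and editors mishandle it; keep the whole link on one line and re-wrap the sentence before it, e.g. "please [reach out](/contact)!". Placing a link inside bold text ("**... with [transparent pricing](/pricing):**") is fine in MDX.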
Expand Up @@ -10,7 +10,7 @@ ogImage: "/blog/Why_one_size_solution_is_not_ideal.png"
---

The compliance industry is obsessed with standardization. Big tech dumps
millions into compliance, while startups get shoved down the SOC2 (or ISO27001)
millions into compliance, while startups get shoved down the [SOC 2](/blog/2025-10-28-what-is-soc2) (or [ISO 27001](/blog/2025-10-08-soc2-or-iso27001))
rabbit hole. Unable to grasp the complexity, most startups cave and play the
"check all boxes" game.

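Review bot: The modified line in this hunk is no longer hard-wrapped at roughly 80 columns like the surrounding paragraph ("The compliance industry is obsessed..." / "rabbit hole. Unable to grasp..."), which makes the diff noisy and the source harder to read; re-wrap it after the links are inserted. The spelling change from "SOC2 (or ISO27001)" to "SOC 2 (or ISO 27001)" is welcome and matches the other posts in this PR. Note that the ISO 27001 anchor points at the SOC 2 vs ISO 27001 comparison post rather than an ISO-specific page, which is reasonable but worth a quick check against the intent.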
Expand Down Expand Up @@ -89,10 +89,10 @@ wastes time and creates false assurance.

Your compliance needs are as unique as your business model. Understand your
risks first. Build meaningful processes. Don't outsource your thinking to a
template.
template. There is a better way -- read about [the case for open-source compliance](/blog/2025-02-04-the-case-for-open-source-compliance).

Remember: compliance isn't about making auditors happy - you can push back: they
don’t know your company as well as you.

It's about proving to stakeholders that you run your business responsibly, not
just ticking boxes.
just ticking boxes. See how real companies have taken this approach in our [customer stories](/stories).
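Review bot: Dash style is inconsistent within this hunk: the added "There is a better way -- read about ..." uses a double hyphen, while the unchanged "compliance isn't about making auditors happy - you can push back" two lines below uses a single spaced hyphen. Pick one for the post. The two added cross-links ("the case for open-source compliance", "customer stories") are both appended to the closing paragraphs as long unwrapped lines; re-wrap them to match the file.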
8 changes: 4 additions & 4 deletions src/content/blog/2025-03-04-what-is-soc2-cost.mdx
Expand Up @@ -15,7 +15,7 @@ You've probably searched "SOC 2 compliance cost" a dozen times already. And ever

Here's the truth that most vendors won't tell you upfront: SOC 2 pricing is deliberately opaque. Auditors quote ranges so wide they're almost meaningless. Compliance platforms bury their real costs behind "contact sales" buttons. And consultants? They benefit from your confusion. The less you know, the more they can charge.

Before we dive into specific numbers, understand this: SOC 2 cost isn't a single line item. It's a combination of audit fees, internal resources, tooling, and ongoing maintenance. The total investment for most growing companies ranges from **$25,000 to $150,000+** for year one, depending on your approach.
Before we dive into specific numbers, understand this: [SOC 2](/blog/2025-10-28-what-is-soc2) cost isn't a single line item. It's a combination of audit fees, internal resources, tooling, and ongoing maintenance. The total investment for most growing companies ranges from **$25,000 to $150,000+** for year one, depending on your approach.

Here's what you actually need to budget for and where you can avoid unnecessary spending.

Expand All @@ -32,7 +32,7 @@ Sounds simple. But costs can stack up fast.
The SOC 2 audit is your official proof of compliance. Costs depend on the scope:

- **Type 1 Audit** – A one-time snapshot of your security controls. Faster, cheaper. (The starting point for companies facing their first enterprise deal with a compliance requirement.)
- **Type 2 Audit** – Assesses your security over a period (3-12 months). Takes longer, costs more.
- **Type 2 Audit** – Assesses your security over a period (3-12 months). Takes longer, costs more. See our guide on [how long SOC 2 actually takes](/blog/2025-10-09-how-long-for-soc2) for a detailed timeline.

**Budget:** For a small business, $6,000–$7,000 is a reasonable budget.

Expand Down Expand Up @@ -78,7 +78,7 @@ Not everything the compliance industry pushes is necessary.

### **Penetration testing**

SOC 2 doesn't require penetration testing. For early-stage startups, it might not even be useful—your product is still evolving, and security testing makes more sense once it stabilizes.
[SOC 2 doesn't require penetration testing](/blog/2025-10-19-do-you-need-pen-test-for-soc2). For early-stage startups, it might not even be useful—your product is still evolving, and security testing makes more sense once it stabilizes.

If you do go for it, manual testing is worth it.

Expand Down Expand Up @@ -114,4 +114,4 @@ SOC 2 compliance doesn't need to cost six figures. With a lean approach, small b

## **SOC 2 with Probo**

If you want a SOC 2 report **without turning compliance into a second full-time job**, [Probo](https://www.getprobo.com/) is a great fit. You get a **hands-off compliance service** (so your team isn't stuck writing policies, chasing evidence, and managing auditors) paired with an **open-source platform** that keeps everything structured, auditable, and easy to maintain year after year.
If you want a SOC 2 report **without turning compliance into a second full-time job**, [Probo](https://www.getprobo.com/) is a great fit. You get a [hands-off compliance service](/blog/2025-10-17-what-is-hands-off-compliance) (so your team isn't stuck writing policies, chasing evidence, and managing auditors) paired with an **open-source platform** that keeps everything structured, auditable, and easy to maintain year after year.
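Review bot: Replacing "**hands-off compliance service**" with a plain link drops the bold emphasis that paired it with "**open-source platform**" later in the same sentence, so the two halves of the pitch are now styled differently. Either bold the link text as well ("[**hands-off compliance service**](/blog/2025-10-17-what-is-hands-off-compliance)") or remove the bold from "open-source platform".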
8 changes: 4 additions & 4 deletions src/content/blog/2025-10-08-soc2-or-iso27001.mdx
Expand Up @@ -102,16 +102,16 @@ However, this is where startups can make a critical mistake: they are not interc

**So, which one should you choose?**

- Choose SOC 2 if: Your primary customers and growth plans are in North America.
- Choose ISO 27001 if: You are targeting international markets or want to prove you have a globally recognized security program.
- Choose SOC 2 if: Your primary customers and growth plans are in North America. Learn more about [what SOC 2 involves](/blog/2025-10-28-what-is-soc2) and [how long it takes](/blog/2025-10-09-how-long-for-soc2).
- Choose ISO 27001 if: You are targeting international markets or want to prove you have a globally recognized security program. See our guide on [how long ISO 27001 certification takes](/blog/2025-10-12-how-long-for-iso27001).

Making this choice and then navigating the complexities of either framework can be a significant challenge for a growing startup.
Making this choice and then navigating the [steps toward compliance](/blog/2025-09-11-what-are-the-steps-toward-compliance) can be a significant challenge for a growing startup.

That’s why Probo exists: to provide expert guidance on which path is right for your business and then manage the entire compliance journey for you.

**The long term play: What if you need both?**

As you scale, you will likely find that you need both. It is a common journey for successful startups. They often start with SOC 2 to win the North American market and later add ISO 27001 as they expand into Europe and Asia.
As you scale, you will likely find that you need both. It is a common journey for successful startups. They often start with SOC 2 to win the North American market and later add ISO 27001 as they expand into Europe and Asia. You can see this journey in practice with companies like [Vybe (SOC 2)](/stories/vybe-soc2) and [Ahrefs (ISO 27001)](/stories/ahrefs-iso).

The good news is that the work you do for one can be leveraged for the other. Achieving the second framework is significantly easier than the first because the underlying controls overlap. This is where proper foundations become critical. At Probo, we do not just get you compliant for today. We build a security foundation that makes it easy to grow with it or to add new frameworks as your business grows, saving you time and resources.

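Review bot: The customer-story slugs added here are inconsistent: "/stories/vybe-soc2" includes the framework version while "/stories/ahrefs-iso" does not (and the other file in this PR uses "/stories/lucis-iso"). Confirm each path exists and consider one naming scheme for story pages. In the rewritten sentence "Making this choice and then navigating the [steps toward compliance](...) can be a significant challenge", the original "complexities of either framework" was the thing being navigated; the new wording is fine but reads slightly generic for a paragraph that is specifically about choosing between the two frameworks. Also, "The long term play" two lines below would normally be "long-term".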
8 changes: 4 additions & 4 deletions src/content/blog/2025-10-09-how-long-for-soc2.mdx
Expand Up @@ -7,7 +7,7 @@ author:
ogImage: "/blog/How_long_does_it_takes_to_be_soc2_compliant.png"
---

For any small company, the question "How long does it take to get SOC 2 compliant?" is one of the first and most critical hurdles. The answer isn't a simple number; it varies with the size of the organization (it is harder to change the way people work) and the complexity of your technical stack. Understanding the requirements is essential for planning resources, managing prospect and customer expectations, and unlocking the enterprise deals that depend on it. This guide breaks down the traditional SOC 2 timeline into phases so you know exactly what to expect.
For any small company, the question "How long does it take to get [SOC 2](/blog/2025-10-28-what-is-soc2) compliant?" is one of the first and most critical hurdles. The answer isn't a simple number; it varies with the size of the organization (it is harder to change the way people work) and the complexity of your technical stack. Understanding the requirements is essential for planning resources, managing prospect and customer expectations, and unlocking the enterprise deals that depend on it. This guide breaks down the traditional SOC 2 timeline into phases so you know exactly what to expect.

**Key Takeaways**

Expand All @@ -20,7 +20,7 @@ The journey to SOC 2 compliance is typically broken down into four distinct phas

**Phase 1: Readiness and remediation (the heavy lifting)** _Timeline: \~1 to 4 months_

This is the foundational stage and the longest part of the process. It's where you do the actual work of becoming compliant before an auditor ever gets involved. This includes scoping, gap analysis, implementing controls, and creating documentation and policies. Even with automation tools, expect readiness to take at least a month of effort - you have to figure out what is relevant for you, implement it and document everything.
This is the foundational stage and the longest part of the process. It's where you do the actual work of becoming compliant before an auditor ever gets involved. This includes scoping, gap analysis, implementing controls, and creating documentation and policies. Even with automation tools, expect readiness to take at least a month of effort - you have to figure out what is relevant for you, implement it and document everything. For a full breakdown of what this phase costs, see [what SOC 2 compliance costs](/blog/2025-03-04-what-is-soc2-cost).

**Phase 2: The audit window (the observation period)** _Timeline: 3 to 12 months (Type II only)_

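Review bot: The added sentence "For a full breakdown of what this phase costs, see [what SOC 2 compliance costs](...)" promises a per-phase cost breakdown, but the target post (as visible in this PR) covers the total year-one cost across audit fees, internal resources, tooling and maintenance, not the readiness phase on its own. Suggest "For a breakdown of the overall cost, see ...". Separately, this file says "Type II" while the cost post says "Type 2"; worth standardizing across the blog while these files are being edited.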
Expand All @@ -46,8 +46,8 @@ Here’s how we do it:
- **We do the heavy lifting for you:** Our expert team acts as your dedicated compliance partner. We create the necessary documents (policies, risk analyses, etc.) to match your ways of working and handle the entire audit process on your behalf (you still need to meet the auditor, it is part of his/her job).
- **We free up your engineers:** We give your team a practical, prioritized checklist of only the necessary security controls. This means they can stay focused on building your product, not on becoming compliance experts.

Once you are SOC 2, we continue to work with you to run your processes and to help you improve your overall security posture over time - continuous improvement is key!
Once you are SOC 2, we continue to work with you to run your processes and to help you improve your overall security posture over time - continuous improvement is key! See how [Vybe achieved their SOC 2 report](/stories/vybe-soc2) with Probo.

**Conclusion**

While the traditional path to SOC 2 compliance can be a long and demanding journey, it doesn't have to be that way for your company. Probo’s expert-led, "done-for-you" service was designed to handle the entire process on your behalf. We replace the 3 to 6 months of manual readiness work with a fast, tailored program, ensuring you get SOC 2 will not be a burden. Probo helps you build the foundation of trust and security you need to close bigger deals and grow with confidence.
While the traditional path to SOC 2 compliance can be a long and demanding journey, it doesn't have to be that way for your company. Probo’s expert-led, [done-for-you service](/blog/2025-10-17-what-is-hands-off-compliance) was designed to handle the entire process on your behalf. We replace the 3 to 6 months of manual readiness work with a fast, tailored program, ensuring you get SOC 2 will not be a burden. Probo helps you build the foundation of trust and security you need to close bigger deals and grow with confidence.
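Review bot: The modified conclusion line keeps the ungrammatical clause "ensuring you get SOC 2 will not be a burden"; since the line is already being changed, fix it in the same commit, e.g. "ensuring that getting SOC 2 will not be a burden". Likewise, "Once you are SOC 2, we continue to work with you" a few lines up reads better as "Once you are SOC 2 compliant". The "Vybe" story link is fine, but the modified line is long and unwrapped compared with the rest of the file.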
8 changes: 4 additions & 4 deletions src/content/blog/2025-10-12-how-long-for-iso27001.mdx
Expand Up @@ -16,13 +16,13 @@ faqs:
answer: "ISO 27001 is not a one-time event. After your initial certification, you will have annual surveillance audits to ensure you are maintaining and continually improving your ISMS."
---

Even for small companies, achieving ISO 27001 certification can be a significant project that typically takes between 3 to 8 months. This guide breaks down the timeline into clear phases so you know exactly what to expect.
Even for small companies, achieving [ISO 27001 certification](/blog/2025-10-08-soc2-or-iso27001) can be a significant project that typically takes between 3 to 8 months. This guide breaks down the timeline into clear phases so you know exactly what to expect.

**Key Takeaways**

- **Expect a 3 to 8-month journey:** For most small to medium-sized businesses, the entire ISO 27001 certification process from start to finish takes about 3 to 8 months.
- **Size and complexity matter:** The timeline can be shorter (2-4 months) for very small, agile startups with a simple tech stack, but it extend beyond a year for larger or more complex organizations.
- **It's a phased project:** The process is not a single sprint. It's a structured project with distinct phases, including scoping, risk assessment, implementation, and the final audits.
- **It's a phased project:** The process is not a single sprint. It's a structured project with [distinct phases toward compliance](/blog/2025-09-11-what-are-the-steps-toward-compliance), including scoping, risk assessment, implementation, and the final audits.

## **Breaking down the ISO 27001 timeline**

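Review bot: The unchanged "Key Takeaways" bullet directly above the modified one contains a typo, "but it extend beyond a year", which should be "but it can extend beyond a year"; fix it while this list is being edited. The added link text "distinct phases toward compliance" is slightly awkward as a noun phrase; "a structured project with distinct phases (see [the steps toward compliance](...))" keeps the original wording intact.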
Expand All @@ -40,7 +40,7 @@ This is the core of the ISO 27001 process. Your team will conduct a formal risk

**Phase 3: Implementation (month 2-4)**

This is often the longest and most resource-intensive phase. Here, you put the selected controls and policies into action. This involves everything from writing new security policies and training your staff to implementing technical controls like access management and data encryption.
This is often the longest and most resource-intensive phase. Here, you put the selected controls and policies into action. This involves everything from writing new security policies and training your staff to implementing technical controls like access management and data encryption. Some organizations also choose to conduct a [penetration test](/blog/2025-10-23-do-you-need-pen-test-for-iso27001) during this phase to validate their technical controls.

**Phase 4: Audits and certification (months 5-6)**

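Review bot: The added sentence places a penetration test "during this phase to validate their technical controls", but this phase is where the controls are still being implemented, so a test run mid-phase validates a moving target. Suggest "toward the end of this phase, once the technical controls are in place" so the advice matches the linked ISO 27001 pen-test post. Also, phase headings in this file mix "month 2-4" and "months 5-6"; standardize on "months".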
Expand Down Expand Up @@ -77,7 +77,7 @@ For most startups, the risk assessment and implementation phases (Phases 2 and 3

**3\. Do we need a dedicated person to manage the ISO 27001 project?**

Yes, you will need a dedicated project lead. However, this person doesn't have to be a full-time compliance expert. In small companies, it is usually the CEO or the CTO. Many startups have found success by partnering with a compliance team like us which acts as your dedicated compliance team, managing the project during implementation, streamlining the audit and running your ISMS documentation for you.
Yes, you will need a dedicated project lead. However, this person doesn't have to be a full-time compliance expert. In small companies, it is usually the CEO or the CTO. Many startups have found success by partnering with a compliance team like us which acts as your dedicated compliance team, managing the project during implementation, streamlining the audit and running your ISMS documentation for you. See how [Lucis achieved their ISO 27001 certification](/stories/lucis-iso) with this approach.

**4\. What happens after we get certified?**

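Review bot: The modified answer keeps the repetitive unchanged wording "partnering with a compliance team like us which acts as your dedicated compliance team"; since the line is being touched, tighten it to something like "partnering with a team like Probo that acts as your dedicated compliance function". The new "/stories/lucis-iso" link follows a different slug pattern from "/stories/vybe-soc2" in the other file; confirm the page exists and align naming.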
8 changes: 4 additions & 4 deletions src/content/blog/2025-10-19-do-you-need-pen-test-for-soc2.mdx
Expand Up @@ -20,7 +20,7 @@ faqs:

If you're preparing for SOC 2, you've probably asked yourself: “Do we actually need a penetration test?”

It’s a valid question, especially since the SOC 2 framework never explicitly uses the term “penetration test”. What SOC 2 technically requires is that you **identify and remediate security vulnerabilities**, which can be done through either a vulnerability assessment or a penetration test.
It’s a valid question, especially since the [SOC 2 framework](/blog/2025-10-28-what-is-soc2) never explicitly uses the term “penetration test”. What SOC 2 technically requires is that you **identify and remediate security vulnerabilities**, which can be done through either a vulnerability assessment or a penetration test.

However, in practice, auditors and security-conscious customers expect a penetration test.

Expand Down Expand Up @@ -91,7 +91,7 @@ In fact, doing a pen test too early can be wasteful:
- Engineering time is better spent building the product.

**Best practice:**
Build your product → implement basic security hygiene → pursue SOC 2 (and pen testing) when a customer or partner explicitly requires it.
Build your product → implement basic security hygiene → pursue SOC 2 (and pen testing) when a customer or partner explicitly requires it. For a full overview of [the steps toward compliance](/blog/2025-09-11-what-are-the-steps-toward-compliance), see our dedicated guide.

### How Probo helps

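Review bot: The added sentence "For a full overview of [the steps toward compliance](...), see our dedicated guide." puts the link on the topic but tells the reader to see "our dedicated guide", which is not linked; either move the link onto "dedicated guide" or rewrite as "For a full overview, see our guide to [the steps toward compliance](...)". The sentence is also appended to the arrow-style one-liner under "Best practice:", where a separate short line would read more cleanly.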
Expand All @@ -107,7 +107,7 @@ So you don’t have to manage yet another project.
### Conclusion

A penetration test isn’t technically mandatory in SOC 2 but it has become the industry norm and auditor expectation.
However, if your startup is still early, or no one is asking for it yet, it is perfectly okay to wait.
However, if your startup is still early, or no one is asking for it yet, it is perfectly okay to wait. If you're also considering ISO 27001, we cover the same question in [do you need a pen test for ISO 27001](/blog/2025-10-23-do-you-need-pen-test-for-iso27001).

### Frequently asked questions

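Review bot: Apostrophe style is mixed on the modified line: the unchanged "isn’t" and "don’t" in this file use the typographic apostrophe, while the added "If you're also considering ISO 27001" uses a straight one. Match the file's convention. Anchor text phrased as a question ("[do you need a pen test for ISO 27001](...)") also reads oddly mid-sentence; "in our [ISO 27001 pen test guide](...)" flows better.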
Expand All @@ -131,4 +131,4 @@ That’s normal. Auditors don’t expect perfection, just a process. What matter
- You can show evidence of doing so.

**5. How much does a penetration test cost?**
Typically **$2,000 to +$25,000+**, depending on scope, infrastructure complexity, and testing type.
Typically **$2,000 to +$25,000+**, depending on scope, infrastructure complexity, and testing type. For a broader view of all costs involved, see [what SOC 2 compliance costs](/blog/2025-03-04-what-is-soc2-cost).
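Review bot: The modified FAQ line keeps the stray plus sign in "**$2,000 to +$25,000+**"; since the line is already being edited, correct it to "**$2,000 to $25,000+**". The added link to the SOC 2 cost post is appropriate here, though that post's "Penetration testing" section says testing is often not useful early on, which is consistent with this FAQ only if the reader follows the "it is perfectly okay to wait" advice above.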