Rod’s Blog

Share this post

Rod’s Blog
Rod’s Blog
Creating Better Prompts for a Security Assistant
Copy link
Facebook
Email
Notes
More

Creating Better Prompts for a Security Assistant

A guide to designing effective and engaging prompts that cover the key areas of cybersecurity.

Rod Trent
Jun 27, 2024
1

Share this post

Rod’s Blog
Rod’s Blog
Creating Better Prompts for a Security Assistant
Copy link
Facebook
Email
Notes
More
Share

Cybersecurity is a vital aspect of any organization's digital strategy. It involves protecting the data, systems, and networks from unauthorized access, theft, or damage. However, cybersecurity is not only a technical challenge, but also a human one. Users need to be aware of the risks, best practices, and policies that can help them safeguard their online assets and activities. A security assistant is a tool that can help users improve their cybersecurity awareness and behavior by providing them with timely and relevant prompts. Prompts are short messages that guide, remind, or persuade users to take specific actions or make informed decisions related to cybersecurity. In this article, we will discuss how to create better prompts for a security assistant that involve focusing on key areas of cybersecurity.

Key Areas of Cybersecurity

Cybersecurity is a broad and complex domain that covers many aspects of online security. However, some of the key areas that users should pay attention to are:

  • Password management: Users should create strong and unique passwords for each of their accounts, and use a password manager to store and manage them securely.

  • Phishing detection: Users should be able to recognize and avoid phishing emails, which are fraudulent messages that attempt to trick them into revealing their personal or financial information, or clicking on malicious links or attachments.

  • Device protection: Users should keep their devices updated with the latest security patches, use antivirus software, and enable encryption and lock screen features.

  • Data backup: Users should regularly backup their important data to a secure cloud service or an external hard drive, and delete any unnecessary or sensitive data from their devices.

  • Privacy settings: Users should review and adjust their privacy settings on their online accounts and applications and limit the amount of personal information they share online.

How to Create Better Prompts

Prompts are an effective way to influence user behavior and increase user engagement with a security assistant. However, not all prompts are created equal. Some prompts may be too vague, too frequent, too intrusive, or too boring, and may result in user annoyance, confusion, or disregard. To create better prompts, we suggest following these principles:

  • Be specific: Prompts should clearly state what the user should do, why they should do it, and how they should do it. For example, instead of saying "Change your password", a better prompt would say "Your password for your email account is weak and easy to guess. To protect your account from hackers, please create a new password that is at least 12 characters long and contains a mix of letters, numbers, and symbols."

  • Be relevant: Prompts should match the user's context, needs, and preferences. For example, a prompt about phishing detection should be triggered when the user receives a suspicious email, not when they are browsing the web. A prompt about device protection should be tailored to the user's device type, operating system, and security status.

  • Be timely: Prompts should be delivered at the right moment, when the user is most likely to pay attention and take action. For example, a prompt about password management should be shown when the user is creating or logging into an account, not when they are busy with another task. A prompt about data backup should be shown when the user has a low battery, a weak internet connection, or a large amount of data to backup.

  • Be engaging: Prompts should capture the user's interest and motivate them to act. For example, a prompt can use humor, storytelling, gamification, or social proof to make the message more appealing and persuasive. A prompt can also provide feedback, rewards, or incentives to reinforce the user's behavior and encourage them to continue.

General Examples for the Security Learner

Creating better prompts for a security assistant involves focusing on key areas of cybersecurity. Here are some generic examples:

  1. Password Security: "What are the best practices for creating a strong password?"

  2. Email Security: "How can I protect my email account from being hacked?"

  3. Virus Protection: "What steps should I take if I suspect my computer has been infected with a virus?"

  4. Phishing Awareness: "Can you explain what phishing is and how I can avoid it?"

  5. Two-Factor Authentication: "What is two-factor authentication and why is it important?"

  6. Wi-Fi Security: "How can I secure my home Wi-Fi network?"

  7. Public Wi-Fi Risks: "What are the risks of using public Wi-Fi and how can I mitigate them?"

  8. VPN Usage: "What is a VPN and how does it enhance security?"

  9. Account Compromise Signs: "What are the signs that my online accounts may have been compromised?"

  10. Ransomware Protection: "What is ransomware and how can I protect my data from it?"

  11. Smartphone Security: "What are the best practices for securing my smartphone?"

  12. Data Encryption: "What is encryption and why is it important for data security?"

  13. Social Media Security: "What are the steps to secure my social media accounts?"

  14. Firewall Protection: "What is a firewall and how does it protect my computer?"

  15. Online Banking Security: "What are the best security practices for online banking?"

  16. Software Updates: "What is a security patch and why is it important to keep my software updated?"

  17. Device Disposal: "What are the best practices for disposing of old devices securely?"

  18. Password Management: "What is a secure way to store and manage my passwords?"

  19. Cloud Storage Security: "What are the best security practices for using cloud storage?"

  20. Digital Certificates: "What is a digital certificate and how does it ensure secure communication?"

These prompts cover a wide range of cybersecurity topics and can help users gain a better understanding of how to protect their digital assets.

Prompt Examples for the Security Experienced

Creating better prompts for a security assistant involves focusing on key areas of cybersecurity. Here are some detailed prompts for seasoned cybersecurity engineers:

  1. Incident Response: "What are the key steps in an effective incident response plan?"

  2. Threat Hunting: "Can you explain the process of threat hunting and its importance in proactive security?"

  3. Advanced Persistent Threats: "What are Advanced Persistent Threats (APTs) and how can organizations defend against them?"

  4. Security Architecture: "What are the key considerations when designing a secure network architecture?"

  5. Cloud Security: "What are the unique security challenges presented by cloud environments and how can they be mitigated?"

  6. Security Policies: "What are the key elements that should be included in an organization's security policy?"

  7. Risk Assessment: "Can you explain the process of conducting a cybersecurity risk assessment?"

  8. Security Metrics: "What are some key security metrics that organizations should monitor and why?"

  9. Intrusion Detection Systems: "What are the differences between signature-based and anomaly-based intrusion detection systems?"

  10. Security Awareness Training: "What are the key components of an effective security awareness training program?"

  11. Data Loss Prevention: "What are the best practices for implementing a data loss prevention (DLP) strategy?"

  12. Encryption Algorithms: "Can you explain the differences between symmetric and asymmetric encryption algorithms?"

  13. Network Segmentation: "What is network segmentation and how does it enhance security?"

  14. Vulnerability Management: "What are the key steps in an effective vulnerability management process?"

  15. Security Standards: "Can you explain the role of standards like ISO 27001 and NIST in cybersecurity?"

  16. Zero Trust Architecture: "What is a Zero Trust architecture and how does it enhance security?"

  17. Security Automation: "What are the benefits and challenges of automating security processes?"

  18. Threat Intelligence: "What is threat intelligence and how can it be used to enhance security?"

  19. Penetration Testing: "What are the key steps in conducting a penetration test?"

  20. Incident Forensics: "What are the key steps in conducting a forensic analysis after a security incident?"

These prompts cover a wide range of advanced cybersecurity topics and can help seasoned cybersecurity engineers deepen their understanding and knowledge.

Prompt Examples for Copilot for Security Users

Copilot for Security is a virtual assistant designed to provide evidence-based, objective, and engaging responses to user queries related to cybersecurity. It is capable of analyzing and interpreting complex cybersecurity data, providing insights, and explaining cybersecurity concepts in a clear and understandable manner.

The assistant can handle a wide range of cybersecurity topics, including but not limited to, incident response, threat hunting, security architecture, cloud security, risk assessment, intrusion detection systems, data loss prevention, encryption algorithms, network segmentation, vulnerability management, zero trust architecture, security automation, threat intelligence, penetration testing, and incident forensics.

It is designed to assist both novice users seeking to understand basic cybersecurity concepts and seasoned cybersecurity engineers looking for detailed explanations of advanced topics. The assistant does not perform any actions on its own but provides information based on the data it is given.

There is a growing library of Copilot for Security prompts in the Copilot for Security Prompt Library. For examples, visit: https://aka.ms/CfSPromptLibrary

TLDR

A security assistant is a valuable tool that can help users enhance their cybersecurity awareness and behavior. However, to make the most of this tool, users need to receive effective and engaging prompts that cover the key areas of cybersecurity. By following the principles of specificity, relevance, timeliness, and engagement, we can create better prompts that can guide, remind, or persuade users to take the appropriate actions or make the informed decisions that can protect their online security.

[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[ Subscribe to the Bi-weekly Copilot for Security Newsletter]

[Subscribe to the Weekly SIEM and XDR Newlsetter]

[Learn KQL with the Must Learn KQL series and book]

[Learn AI Security with the Must Learn AI Security series and book]

** Need a Tech break?? Sure, we all do! Check out my fiction novel: Sword of the Shattered Kingdoms: Ancient Crystal of Eldoria

Rod’s Blog is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

1

Share this post

Rod’s Blog
Rod’s Blog
Creating Better Prompts for a Security Assistant
Copy link
Facebook
Email
Notes
More
Share

Discussion about this post

No posts

Ready for more?

© 2025 Rod Trent
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More