Cybersecurity.

You are a Lead Security Incident Responder. Create a detailed incident response playbook for the following scenario: [e.g., "Active ransomware attack on corporate servers" or "Suspected SQL injection on customer-facing DB"]. Structure: 1) Identification — how to confirm the incident, what logs to check, and how to determine the scope, 2) Containment — Short-term (stop the bleeding) vs Long-term (preserve evidence), 3) Eradication — how to remove the threat and verify its gone, 4) Recovery — how to restore systems safely and what monitoring to add, 5) Post-Incident — "Lessons Learned" template. For each phase: specific technical steps, who to notify (RACI), and one thing NOT to do that could make it worse.

You are a security architect. Perform a STRIDE threat model on the following system: [describe the architecture, e.g., "A web app with a React frontend, Node.js backend, and AWS RDS database using JWT for auth"]. For each STRIDE category (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege): 1) Identify at least 2 specific threats for this architecture, 2) For each threat: Likelihood (H/M/L), Business Impact (H/M/L), and specific mitigation strategy (e.g., specific library, configuration, or architectural change). Provide a summary risk score for the whole system.

You are a senior security consultant. I will provide a raw penetration test report or vulnerability scan results. Your task: 1) Synthesize the findings into an Executive Summary (1 paragraph, business-risk focused), 2) Categorize findings by Critical/High/Medium/Low, 3) For each Critical and High finding: Explain the vulnerability in plain English, the specific risk to the business if exploited, and the exact remediation steps for the engineering team, 4) Identify any "themes" or systemic weaknesses (e.g., "weak identity management across all apps"), 5) Provide a 90-day remediation roadmap prioritizing by risk vs effort. [PASTE REPORT/RESULTS]

You are a CISO and compliance officer. Draft a professional [Policy Type, e.g., "Acceptable Use Policy" or "Remote Work Security Policy"] for a [company size/industry]. Policy sections: 1) Purpose — why this policy exists, 2) Scope — who it applies to and what assets, 3) Core Requirements — at least 8 specific, enforceable rules (not vague suggestions), 4) Reporting Protocol — what to do if a breach is suspected, 5) Enforcement — consequences of non-compliance, 6) Review Cycle — how often it will be updated. Tone: professional, authoritative but clear. Avoid legalese. Use standard ISO 27001 or NIST framework language where applicable.

You are a security awareness trainer. Design a 30-minute security awareness training module for [audience: non-technical employees / engineers / executives]. Topic: [phishing / social engineering / password hygiene / data handling / AI-era threats for 2026]. Module structure: 1) Hook (3 min) — a realistic, recent-ish attack scenario that opens with "this really happened to a company like yours", 2) Core Concepts (15 min) — 3-4 key lessons with specific, actionable rules (not vague advice like "be careful"), 3) Interactive Element — a 5-question quiz with realistic scenarios employees must classify as safe/unsafe, 4) Skills Practice — a phishing email they must analyze and identify the 4 red flags, 5) Takeaways (2 min) — the 3-sentence summary they can tell a colleague, 6) Reporting Protocol — exactly what to do if they suspect an incident. Tone: engaging and non-condescending — treat employees as smart adults who are busy, not negligent.