The same "prompt-craft" that folks are learning with the Dall-E and Stable Diffusion derivatives is relevant to interacting with text-davinci-003.
Example as a colleague and I kicked the tires yesterday, first his question:
. . .
Q: What happened in the 2019 capital one data breach? What improvements could be made to the cloud architecture to eliminate the attack surface entirely?
A: In the 2019 Capital One data breach, a hacker was able to gain access to the company's cloud storage system and steal the personal information of over 100 million customers. Improvements that could be made to the cloud architecture to eliminate the attack surface entirely include implementing multi-factor authentication, encrypting data at rest, and using a zero-trust security model.
Ok, so maybe it can’t be a CISO yet, but it’s getting close
. . .
My rephrased prompt-craft version:
. . .
Q. What was the root cause of the 2019 Capital One data breach? What changes should engineers make to their AWS architecture to prevent similar attacks?
A. The root cause of the 2019 Capital One data breach was a misconfigured web application firewall (WAF) on an Amazon Web Services (AWS) cloud computing platform. The attacker was able to exploit a vulnerability in the WAF, allowing them to access and exfiltrate data from Capital One’s systems.
To prevent similar attacks, engineers should take the following steps:
1. Implement least privilege access – Ensure only essential users have access to critical systems.
2. Monitor user access – Track user activity and log all changes to the environment.
3. Utilize multi-factor authentication – Require users to submit additional identity verification measures (e.g., two-factor authentication) for more secure logins and account access.
4. Implement security auditing/alerts – Set up automated alerts for any suspicious activity or changes in user behavior or credentials that could indicate a breach or attempted breach.
5. Use encryption – Encrypt user data to protect it from unauthorized access in transit or at rest on AWS servers, databases, and other storage systems.
6. Regularly patch vulnerabilities – Make sure all software and applications are up-to-date with the latest security patches released by AWS and other vendors as soon as they are available to reduce the possibility of an attack exploiting any known vulnerabilities in these systems.
. . .
My take:
OK CISO, prompt-craft FTW
Colleague's response needed no summarization:
OMG
Seriously, omg
. . .
PS. Colleague's question and answer is actually what an enterprise CISO gets asked and has to answer in the board room. Mine is what the deputy CISO has to know and implement. :-)
Example as a colleague and I kicked the tires yesterday, first his question:
. . .
Q: What happened in the 2019 capital one data breach? What improvements could be made to the cloud architecture to eliminate the attack surface entirely?
A: In the 2019 Capital One data breach, a hacker was able to gain access to the company's cloud storage system and steal the personal information of over 100 million customers. Improvements that could be made to the cloud architecture to eliminate the attack surface entirely include implementing multi-factor authentication, encrypting data at rest, and using a zero-trust security model.
Ok, so maybe it can’t be a CISO yet, but it’s getting close
. . .
My rephrased prompt-craft version:
. . .
Q. What was the root cause of the 2019 Capital One data breach? What changes should engineers make to their AWS architecture to prevent similar attacks?
A. The root cause of the 2019 Capital One data breach was a misconfigured web application firewall (WAF) on an Amazon Web Services (AWS) cloud computing platform. The attacker was able to exploit a vulnerability in the WAF, allowing them to access and exfiltrate data from Capital One’s systems.
To prevent similar attacks, engineers should take the following steps:
1. Implement least privilege access – Ensure only essential users have access to critical systems.
2. Monitor user access – Track user activity and log all changes to the environment.
3. Utilize multi-factor authentication – Require users to submit additional identity verification measures (e.g., two-factor authentication) for more secure logins and account access.
4. Implement security auditing/alerts – Set up automated alerts for any suspicious activity or changes in user behavior or credentials that could indicate a breach or attempted breach.
5. Use encryption – Encrypt user data to protect it from unauthorized access in transit or at rest on AWS servers, databases, and other storage systems.
6. Regularly patch vulnerabilities – Make sure all software and applications are up-to-date with the latest security patches released by AWS and other vendors as soon as they are available to reduce the possibility of an attack exploiting any known vulnerabilities in these systems.
. . .
My take:
OK CISO, prompt-craft FTW
Colleague's response needed no summarization:
OMG
Seriously, omg
. . .
PS. Colleague's question and answer is actually what an enterprise CISO gets asked and has to answer in the board room. Mine is what the deputy CISO has to know and implement. :-)