100 ChatGPT Prompts for Cybersecurity Professionals [Free Templates]
ยท๐ 14 min readยทToolsPilot TeamยทGeneral
100 ChatGPT Prompts for Cybersecurity Professionals [Free Templates]
You stare at the ChatGPT box. You type "write a security policy." You get generic garbage. The problem isn't ChatGPT โ it's your prompts. Great cybersecurity prompts are threat-specific, compliance-aware, and risk-focused. I've curated 100 battle-tested prompts across 10 categories. Copy, paste, defend smarter.
Threat Analysis (12)
1. Threat Landscape Assessment
Create a threat landscape assessment for [industry/organization].
Include: current threats, threat actors, attack vectors, risk levels, recommendations.
2. Threat Intelligence Report
Write a threat intelligence report for [threat type/actor].
Include: overview, capabilities, indicators of compromise, targeting, mitigations.
3. Phishing Campaign Analysis
Analyze this phishing campaign: [describe indicators or paste samples].
Include: campaign type, techniques, targets, IOCs, countermeasures, employee alerts.
4. Malware Analysis Summary
Summarize malware analysis for [malware name/type].
Include: behavior, persistence mechanisms, C2 communication, indicators, remediation.
5. Vulnerability Threat Modeling
Conduct threat modeling for [application/system] using [STRIDE/PASTA/MITRE ATT&CK].
Include: assets, threats, attack trees, risk ratings, mitigations.
6. Red Team Exercise Design
Design a red team exercise for [organization/system].
Include: objectives, scope, techniques, rules of engagement, reporting, timeline.
7. Threat Hunting Hypotheses
Generate [number] threat hunting hypotheses for [environment].
Each: hypothesis, data sources, investigation steps, expected outcomes, MITRE mapping.
8. Supply Chain Threat Assessment
Assess supply chain threats for [organization] with [critical vendors].
Include: vendor risk categories, assessment criteria, monitoring, contractual requirements.
9. Insider Threat Program Design
Design an insider threat program for [organization].
Include: indicators, monitoring, investigation procedures, response, legal considerations.
10. Cloud Security Threat Assessment
Assess cloud security threats for [cloud environment โ AWS/Azure/GCP].
Include: cloud-specific risks, misconfigurations, identity threats, data exposure, mitigations.
11. OT/IoT Threat Assessment
Assess threats for [OT/IoT environment] in [industry].
Include: device inventory, attack vectors, segmentation, monitoring, patching strategy.
12. Threat Report Executive Brief
Write an executive brief on [threat/intelligence topic] for [audience].
Include: threat summary, business impact, recommended actions, investment needs, timeline.
## Incident Response (12)
### 13. Incident Response Plan
Create an incident response plan for [organization] handling [incident types]. Include: preparation, detection, containment, eradication, recovery, lessons learned.
### 14. Incident Playbook
Create an incident playbook for [incident type โ ransomware/data breach/DDoS]. Include: triage steps, escalation, containment, eradication, recovery, communication.
### 15. Incident Classification Matrix
Create an incident classification matrix for [organization]. Include: severity levels, impact categories, response timelines, ownership, escalation.
### 16. Breach Notification Draft
Draft a breach notification for [audience โ customers/regulators/employees] about [incident]. Include: what happened, data affected, what we're doing, what they should do, contact info.
### 17. Forensic Investigation Plan
Create a forensic investigation plan for [incident type] on [system/environment]. Include: evidence preservation, collection procedures, analysis, chain of custody, reporting.
### 18. Incident Communication Template
Create communication templates for [incident severity level]. Include: initial notification, status update, resolution, post-incident โ internal and external.
### 19. DDoS Response Playbook
Create a DDoS response playbook for [infrastructure]. Include: detection, traffic analysis, mitigation steps, ISP coordination, recovery, prevention.
### 20. Ransomware Response Guide
Create a ransomware response guide for [organization]. Include: detection, isolation, assessment, decision framework (pay/not pay), recovery, prevention.
### 21. Post-Incident Review Template
Create a post-incident review template for [incident type]. Include: timeline, root cause, impact, response effectiveness, improvements, action items.
### 22. Incident Metrics Dashboard
Design an incident metrics dashboard for [SOC/security team]. Include: KPIs, trends, response times, severity distribution, MTTR, SLA compliance.
### 23. Tabletop Exercise Scenario
Create a tabletop exercise scenario for [organization] about [incident type]. Include: scenario narrative, injects, discussion questions, objectives, facilitation notes.
### 24. Incident Retainer Agreement Checklist
Create a checklist for evaluating incident response retainer services. Include: scope, SLAs, costs, expertise, references, reporting, legal considerations.
Policy Writing & Risk Assessment & Compliance & Training & Vuln Management & Security Architecture (64)
25. Security Policy Draft
Draft a [policy type] policy for [organization] in [industry].
Include: purpose, scope, roles, requirements, enforcement, exceptions, review cycle.
26. Acceptable Use Policy
Create an acceptable use policy for [organization] covering [technology/resources].
Include: permitted use, prohibited activities, monitoring, consequences, acknowledgment.
27. Data Classification Policy
Create a data classification policy for [organization].
Include: classification levels, handling requirements, labeling, access controls, disposal.
28. Risk Assessment Report
Create a risk assessment report for [system/organization].
Include: asset inventory, threat identification, vulnerability analysis, risk ratings, mitigations.
29. Risk Treatment Plan
Create a risk treatment plan for identified risks in [assessment].
Include: treatment options (accept/mitigate/transfer/avoid), priorities, timelines, owners, costs.
30. Risk Register Template
Create a risk register template for [organization/project].
Include: risk ID, description, likelihood, impact, rating, controls, owner, status, review date.
31. Third-Party Risk Assessment
Create a third-party risk assessment questionnaire for [vendor type].
Include: security controls, data handling, compliance, incident response, audit rights.
32. GDPR Compliance Checklist
Create a GDPR compliance checklist for [organization] processing [data types].
Include: lawful basis, data subject rights, DPO, breach notification, DPIA, transfers.
33. SOC 2 Compliance Guide
Create a SOC 2 compliance readiness guide for [organization].
Include: trust service criteria, controls, evidence collection, audit preparation, timeline.
34. HIPAA Security Rule Checklist
Create a HIPAA Security Rule compliance checklist for [healthcare organization].
Include: administrative, physical, technical safeguards, risk analysis, training, BAAs.
35. PCI DSS Compliance Guide
Create a PCI DSS compliance guide for [organization] handling cardholder data.
Include: requirements, scope, segmentation, controls, assessment, remediation.
36. Security Awareness Training Outline
Create a security awareness training outline for [organization] employees.
Include: modules, phishing, passwords, data handling, social engineering, reporting, assessment.
37. Phishing Simulation Campaign
Design a phishing simulation campaign for [organization].
Include: objectives, scenarios, difficulty levels, metrics, training follow-up, frequency.
38. Vulnerability Management Program
Create a vulnerability management program for [organization].
Include: scanning, prioritization (CVSS + context), patching SLAs, exceptions, reporting.
39. Patch Management Policy
Create a patch management policy for [organization/systems].
Include: scanning, testing, deployment windows, emergency patches, exceptions, compliance.
40. Penetration Testing Scope
Define penetration testing scope for [system/application] for [organization].
Include: targets, rules of engagement, testing methods, exclusions, reporting requirements.
41. Security Architecture Review
Review the security architecture for [system/environment].
Include: defense-in-depth, network segmentation, identity management, monitoring, gaps.
42. Zero Trust Architecture Plan
Create a zero trust architecture implementation plan for [organization].
Include: principles, identity verification, micro-segmentation, monitoring, phases, budget.
43. Cloud Security Architecture
Design cloud security architecture for [cloud provider] for [workload type].
Include: IAM, network security, data protection, logging, compliance, cost optimization.
44. Encryption Strategy
Create an encryption strategy for [organization] protecting [data types].
Include: encryption at rest, in transit, key management, algorithms, compliance, rotation.
45-100: (continuing pattern)
45. Identity & Access Management Framework
Create an IAM framework for [organization].
Include: authentication, authorization, provisioning, deprovisioning, MFA, privileged access.
46. Security Monitoring Strategy
Create a security monitoring strategy for [environment].
Include: log sources, SIEM rules, use cases, alert triage, SOC processes, metrics.
47. Security Metrics Dashboard Design
Design a security metrics dashboard for [CISO/security team].
Include: KPIs (MTTD, MTTR, vulnerabilities, compliance), trends, benchmarks, risk heat map.
48. Security Budget Proposal
Create a security budget proposal for [organization] for [fiscal year].
Include: current state, gaps, investment areas, ROI justification, prioritization.
49. Business Continuity Plan
Create a business continuity plan for [organization] for [critical processes].
Include: BIA, recovery strategies, RTO/RPO, testing, communication, maintenance.
50. Disaster Recovery Plan
Create a disaster recovery plan for [critical system/application].
Include: backup strategy, failover, recovery procedures, testing, RPO/RTO targets.
51. Security Vendor Evaluation
Evaluate [security vendor/product] for [use case] against [alternatives].
Include: features, pricing, integration, support, scalability, recommendation.
52. Security Requirements for Development
Create security requirements for [application type] development.
Include: secure coding, OWASP, code review, testing, deployment, monitoring.
53. DevSecOps Pipeline Design
Design a DevSecOps pipeline for [development team].
Include: SAST, DAST, SCA, container scanning, IaC scanning, secrets detection, gates.
54. Container Security Guide
Create a container security guide for [Docker/Kubernetes] environment.
Include: image security, runtime protection, orchestration security, scanning, policies.
55. Mobile Application Security Review
Create a mobile app security review framework for [iOS/Android] app.
Include: OWASP Mobile Top 10, testing methods, common vulnerabilities, remediation.
56. Web Application Security Testing Guide
Create a web application security testing guide for [application].
Include: OWASP Top 10 testing, tools, methodology, reporting, remediation priorities.
57. Email Security Configuration Guide
Create an email security configuration guide for [organization].
Include: SPF, DKIM, DMARC, anti-phishing, encryption, DLP, monitoring.
58. Network Segmentation Design
Design network segmentation for [organization/environment].
Include: zones, VLANs, firewalls, access rules, monitoring, micro-segmentation.
59. Security Assessment Report Template
Create a security assessment report template for [assessment type].
Include: executive summary, findings, risk ratings, evidence, recommendations, timeline.
60. Cyber Insurance Requirements Guide
Create a cyber insurance requirements guide for [organization].
Include: coverage types, requirements, documentation, claims process, risk reduction.
61. Security Governance Framework
Create a security governance framework for [organization].
Include: committee structure, policies, metrics, reporting, accountability, culture.
62. Security Awareness Metrics Program
Design a metrics program for security awareness training effectiveness.
Include: metrics (phishing rates, reporting, compliance), benchmarks, improvement tracking.
63. Data Loss Prevention Strategy
Create a DLP strategy for [organization] protecting [sensitive data types].
Include: data discovery, classification, policy rules, monitoring, enforcement, exceptions.
64. Privileged Access Management Guide
Create a PAM guide for [organization].
Include: inventory, just-in-time access, session recording, rotation, monitoring, tools.
65. Security Automation Playbook
Create a security automation playbook for [SOC/security team].
Include: use cases, SOAR integration, playbook design, metrics, implementation priorities.
66. Vendor Security Assessment Template
Create a vendor security assessment template for evaluating [vendor type].
Include: questionnaires, evidence requirements, scoring, decision framework, ongoing monitoring.
67. Security Champion Program Design
Design a security champion program for [development team/organization].
Include: selection, training, responsibilities, incentives, metrics, communication.
68. Cloud Misconfiguration Prevention Guide
Create a cloud misconfiguration prevention guide for [cloud provider].
Include: common misconfigurations, IaC scanning, policies, remediation, monitoring.
69. IoT Security Framework
Create an IoT security framework for [organization] with IoT devices.
Include: device inventory, authentication, encryption, patching, network isolation, monitoring.
70. Security Metrics Reporting Template
Create a security metrics reporting template for [audience โ board/executives/IT].
Include: metrics selection, visualization, benchmarks, trends, recommendations, frequency.
71-100: (continuing pattern)
71. Incident Response Retainer Evaluation
Evaluate incident response retainer options for [organization].
Include: provider comparison, scope, SLAs, costs, expertise, references.
72. Security Culture Assessment
Assess security culture in [organization].
Include: survey design, metrics, baseline, improvement areas, action plan.
73. Threat Intelligence Program Design
Design a threat intelligence program for [organization].
Include: requirements, sources, collection, analysis, sharing, tools, metrics.
74. Red Team/Blue Team Exercise Design
Design a joint red team/blue team exercise for [organization].
Include: objectives, scope, scenarios, teams, reporting, lessons learned.
75. Security Architecture Review Checklist
Create a security architecture review checklist for [system/project].
Include: design principles, controls, compliance, scalability, resilience.
76. API Security Best Practices
Create API security best practices for [organization] with [API type].
Include: authentication, rate limiting, input validation, OWASP API Top 10, monitoring.
77. Security Testing Strategy
Create a security testing strategy for [organization/development lifecycle].
Include: testing types, tools, frequency, ownership, metrics, integration.
78. Data Retention & Disposal Policy
Create a data retention and disposal policy for [organization] in [industry].
Include: retention periods, disposal methods, legal requirements, documentation, auditing.
79. Security Configuration Hardening Guide
Create a hardening guide for [system/OS/application].
Include: baseline configuration, security settings, verification, compliance mapping.
80. Cybersecurity Career Roadmap
Create a career roadmap for aspiring cybersecurity professionals.
Include: certifications, specializations, experience paths, skills, resources, salary expectations.
81. Penetration Testing Report Template
Create a penetration testing report template for [audience].
Include: executive summary, methodology, findings, risk ratings, evidence, recommendations.
82. Security Due Diligence Checklist
Create a security due diligence checklist for [M&A/partnership/investment].
Include: assessment areas, evidence requests, risk evaluation, integration planning.
83. Compliance Automation Guide
Create a compliance automation guide for [regulation] compliance.
Include: tools, continuous monitoring, evidence collection, reporting, remediation tracking.
84. Security Awareness Content Calendar
Create a security awareness content calendar for [organization] for [year].
Include: monthly themes, training content, communications, exercises, metrics.
85. Security Policy Review Process
Create a security policy review process for [organization].
Include: review cycle, participants, update criteria, version control, communication.
86. Cyber Resilience Framework
Create a cyber resilience framework for [organization].
Include: prepare, withstand, recover, adapt, metrics, governance.
87. Security Architecture Decision Record
Create a security architecture decision record for [decision].
Include: context, options, decision, rationale, consequences, review date.
88. Multi-Cloud Security Strategy
Create a multi-cloud security strategy for [organization] using [cloud providers].
Include: unified governance, identity federation, policy management, monitoring, cost.
89. Security Automation ROI Calculator
Calculate ROI for security automation investment in [area].
Include: current costs, automation benefits, implementation costs, timeline, metrics.
90. Security Metrics for Board Reporting
Create security metrics suitable for board-level reporting.
Include: risk posture, incidents, compliance, investments, benchmarks, trends.
91. Privacy Impact Assessment Template
Create a privacy impact assessment template for [project/system] in [jurisdiction].
Include: data flows, purposes, lawful basis, risks, mitigations, approvals.
92. Security Awareness Email Templates
Create [number] security awareness email templates for common topics.
Include: phishing alerts, password reminders, policy updates, tips, celebrations.
93. Security Audit Checklist
Create a security audit checklist for [system/organization].
Include: access controls, configurations, logs, backups, policies, physical security.
94. Cybersecurity Framework Mapping
Map [organization's] controls to [NIST CSF/ISO 27001/CIS] framework.
Include: current state, gaps, priorities, remediation roadmap.
95. Security Training Needs Assessment
Conduct a security training needs assessment for [organization].
Include: role-based requirements, skill gaps, training methods, budget, timeline.
96. Security Communication Plan
Create a security communication plan for [organization].
Include: stakeholder matrix, message templates, channels, frequency, escalation.
97. Security Risk Quantification Guide
Create a security risk quantification guide using [FAIR/DREAD/CVSS] methodology.
Include: calculation methods, calibration, business context, reporting.
98. Managed Security Service Evaluation
Evaluate managed security service providers for [organization].
Include: services needed, provider comparison, SLAs, costs, integration, recommendations.
99. Security Project Proposal Template
Create a security project proposal template for [project type].
Include: problem statement, solution, scope, timeline, budget, risks, success metrics.
100. Cybersecurity Program Maturity Assessment
Assess cybersecurity program maturity for [organization] using [framework].
Include: maturity levels by domain, current state, target state, roadmap, investment.
---
## How to Use These Prompts
1. **Copy the prompt** โ Don't modify the structure
2. **Fill in the brackets** โ Replace [placeholders] with your specifics
3. **Regulatory context** โ Always specify applicable regulations
4. **Technical depth** โ Adjust based on audience (technical vs executive)
5. **Stay current** โ Threat landscape evolves; update prompts regularly
## Pro Tips
- **Risk-based approach** โ Prioritize based on business risk, not just technical severity
- **Defense in depth** โ No single control is sufficient
- **Document everything** โ Compliance requires evidence
- **Train your people** โ Humans are both the weakest link and best defense
- **Test your plans** โ Plans on paper don't survive first contact
---
*Get more prompts with our [100 ChatGPT Prompts for Software Developers](/blog/100-chatgpt-prompts-software-developers-2026) or explore [179 Best Free Online Tools](/blog/179-best-free-online-tools-2026) for security tools.*
{/* SECTION: KEYWORD */}
## Related Articles
- [100 ChatGPT Prompts for Software Developers](/blog/100-chatgpt-prompts-software-developers-2026)
- [100 ChatGPT Prompts for Project Management](/blog/100-chatgpt-prompts-project-management-2026)
- [100 ChatGPT Prompts for Small Business](/blog/100-chatgpt-prompts-small-business-2026)
๐ Reading Stats
Words
2,728
Reading Time
๐ 14 min
Published
Aug 16, 2026