Back in October of 2023, I was invited as a guest speaker at the ISC2 Global Security Congress in Nashville, Tennessee. However, that plan was thwarted at the last minute by American Airlines whom decided that an 18 hour layover in New York was just fine, and there were no other options to get there on time.
Winston Churchill said “never let a crisis go to waste”. So in that vein, I managed to organize a follow-up webinar (thank you ISC2!) to reach an even broader audience. This happened on November 29th 2023. Here is the link to the podcast.
https://www.brighttalk.com/webcast/13159/607298
Another benefit of waiting a little longer, is that my talk, now has to adapt to the changing AI landscape. What was once a conversation of optimal prompt engineering techniques for cybersecurity, has now morphed into leveraging custom GPTs specifically for cybersecurity. OpenAI has been going through a bit of a shake-up in the last while, but in parallel has been shipping some pretty groundbreaking stuff.
Custom Instructions
This is a way of telling ChatGPT who you are and what your primary objectives are. It will help it craft responses that are more relevant to you. There are also some tricks that can be used when creating these that will allow you to create “short-codes” that represent entire prompts from a single word, which in turn can be used as the framework for an optimized workflow, or even a chat based operating system. I will dive deep into shortcodes in my talk, and will update this article with details of that afterwards.
For more info on custom instructions see here: https://help.openai.com/en/articles/8096356-custom-instructions-for-chatgpt
Personas
One of the tactics that are used in prompt engineering, is to ask the model to adopt a persona. This can then force the system to respond in a certain way or context, such as an experienced malware researcher, penetration tester, or any other role that you can think of. This is like having an expert in every discipline available to you at all times, and it is the crux of most interactions with the platform. When creating a persona, it is important to include the following:
- Identity
- Characteristics
- Knowledge and expertise
- Experiences
- Motivations
- Context
The easy way to do this is just ask ChatGPT to create one for you, and it will do the heavily lifting. See here for an example. https://chat.openai.com/share/0fe94de0-ee77-4627-877f-7a327e8f0342
Plugins
OpenAI plugins connect ChatGPT to third-party applications. These plugins enable ChatGPT to interact with APIs defined by developers, enhancing ChatGPT’s capabilities and allowing it to perform a wide range of actions. Plugins enable ChatGPT to do things like:
Retrieve real-time information; e.g., web browsing, stock prices, the latest news, etc.
Retrieve knowledge-base information; e.g., company docs, personal notes, etc.
Assist users with actions; e.g., booking a flight, ordering food, API calls, etc.
Here is some more info on plugins: https://openai.com/blog/chatgpt-plugins
Custom GPTs
A custom GPT allows you to take the benefits of custom instructions, personas, plugins, and rolls them all into one for fast context switching. It also pre-populates the knowledge reference with uploaded docs. So if you wanted it to be an expert on NIST-CSF, or GDPR, or anything, then you upload the relevant knowledge sources and it will parse them before you start engaging with them.
OpenAI will be releasing a marketplace for these, so that people can create and monetize them. Currently, they can be created and shared, but there is no central way of searching for specific ones. Some enterprising people that cannot wait for the marketplace have started creating Git repos that have large lists of these custom GPTs. These list are manually maintained, so although they are great, they require manual work to maintain. Here are some of these:
- https://github.com/fr0gger/Awesome-GPT-Agents
- https://github.com/signalscorps/awesome-threat-intel-gpt-agents
Here is a great hack for creating your own custom list of GPTs. Google has indexed all of them, so with a bit of google dorking you can create your own. On google.com, in the search box, enter:
site:chat.openai.com/g intext:cyber
| Name | Description | Link |
| Cyber Sentinal | Explains data breaches, reasons, impacts, and identifies criminal group | https://chat.openai.com/g/g-gmjYzy6SC-cyber-sentinel |
| Cyber Mentor | Cybersecurity mentor teaching from the basics to advanced. | https://chat.openai.com/g/g-9PmeCxa4O-cyber-mentor |
| Cyber AI Assistant | 🐍 I’m a Python Web Scraping Expert, skilled in using advanced frameworks(E.g. selenium) and addressing anti-scraping measures 😉 Let’s quickly design a web scraping code together to gather data for your scientific research task 🚀 | https://chat.openai.com/g/g-6TW6hL3cK-cyber-scraper-seraphina-web-crawler |
Webinar
In my talk on November 29th, I will go into how to use specific custom GPTs, plugins, and custom instructions to aid in defensive security, with examples and workflows.
Discover more from Designing Risk in IT Infrastructure
Subscribe to get the latest posts sent to your email.
Designing Risk in IT Infrastructure 