Omphaloskepsis, or how to make the most of ChatGPT

Introduction

We are well into the next revolution in the world of information. Generative AI is on the lips of everyone these days, but so few know how to get the most out of these new tools. The secret is to use AI itself to help you get comprehensive and thorough responses. Let's start with this prompt:

Help me understand why having an information security risk management program is vital to any modern company.

While asking that will give you some information, you'll only be scratching the surface of what ChatGPT can offer. Use the steps below to craft a better prompt.

Step 1: Contextualize

The first step in building any query is to define what it is you are looking for. Don't worry about including every detail here; we will get to those later. Ask yourself questions about the context of your question, like:

  • Who will be reading the output of this? Is it executives, an external person, a regulator, or just an intern?
  • In the query above, think about "modern company." What does that mean? Is it an enterprise or a local store? What industry are they in?
  • Are there specific things you want covered in the response? In the query above, we might add that we want references to information security frameworks to bolster the response.

With the above in mind, let's change our query to this:

Help me understand why having an information security risk management program is vital to a large company in the financial sector. Back up your response with citations to external resources like news stories and industry standard frameworks. The audience for this response will be sales engineers selling security services.

Step 2: Clarify

ChatGPT works best when you are clear about what you want from it. Let's take a look at the "Help me understand why" part of our query. With that vague instruction, it is not clear what information you are missing or how you want it said. You should also use clear, action-oriented verbs like "explain," "show," "plan," or "design." Don't use complex language at this stage. Right now we want to let ChatGPT have some room for creativity in how it finds and presents the information.

Step 3: Prescribe and Proscribe

If you have specific requirements for what you want in your output, list them out. ChatGPT loves lists like an accountant loves their calculator. In a similar vein, tell it what you don't want. For example, I don't want it to make any jokes and I don't want it to include any references to the healthcare sector.

Explain in simple language why having an information security risk management program is vital to a large company in the financial sector. The audience for this response will be sales engineers selling security services. Include in your output:

Step 4: Call for Reinforcements

Now we call on ChatGPT itself to tell us what it wants. It knows itself better than anyone. First off, we want to follow the two steps above to create a meta-prompt. This prompt will instruct ChatGPT to think about how your prompt is written and tell it to think only about that. At this stage we will also instruct it who it is pretending to be, in this case "an expert ChatGPT prompt engineer." This is called a persona. It will help focus the intelligence behind the prompt and prevent it from veering off into a ditch.

So what do we want this new prompt engineer to do? Let's set out some goals:

  1. Ask us for any information it might need to build a better prompt.
  2. Figure out the best persona to use for the response.
  3. Guide us in building out a response template for better results.
  4. Help us give an example of what we want.
  5. Be as clear in the request as possible and remove all the fluff.

Now let's write out our previous query with that in mind.

You are an expert ChatGPT prompt engineer. I want you to help me build a better prompt using the quote below. Here are my goals:

Including the "Do not give me" portion will force it to slow down and ask clarifying questions first. Without that, it may just ask the questions and plow ahead without your answers. So go ahead and answer its questions. In my case it came back with questions about:

  1. Audience clarification: I answered that the audience is sales engineers who are beginners in the field of information security.
  2. Tone and style: In this case we want the tone to be persuasive and professional since it is going to be used by a sales engineer.
  3. Industry context: Here it wants to know if we want to highlight any specific challenges in this sector. I'm going to answer "No" to give it more room for creativity.
  4. Frameworks and references: I want it to focus on a big framework for the financial sector so I'll answer "PCI-DSS."
  5. Examples: For this, I'll tell it to use the biggest example I can think of (Equifax) but also to use whatever other recent examples it feels bolster our case.

Step 5: Fine-tune

At this point you will have a very large example prompt to work with. Take a look at it and see if there are any sections you want added or removed. Remember that this is all one thread and it is building the response as it goes. We could ask it to remove the examples section or ask it to add a section for external links to references.

Please add a section to my prompt asking for external links to reference sources.

In my case, it put in the external link section but only included two links. You can go back up and edit your request to append "include at least four externally linked reference sources." The more specific you can get at this stage the better.

Lastly, do not be afraid to be verbose. ChatGPT prompts can be several pages long. I personally have been working on a query that is around 150 lines and it handles it just fine. If you find it is truncating the responses or not going into enough detail, try regenerating the response. Sometimes ChatGPT will just be lazy and needs a little prodding.

Step 6: Meta-meta-queries

If you are completely lost at the start, don't worry. Even if you are a sales engineer who has never dealt with information security or prompt engineering, you can still ask it for expertise on what to say. Just ask it to adopt the persona of someone you'd ask in real life, tell it that you have minimal expertise in those areas, and ask it to devise a plan:

You are a CISO in the finance industry and an expert prompt engineer. I am a junior sales engineer at a security services company with no experience in information security or prompt engineering. Show me how I can use ChatGPT to learn about both topics. Include example queries. Do not include example responses. Be my teacher and walk me through this step-by-step.

Using that query I was able to get more than two dozen simple prompts to aid a metaphorical me in learning both subjects. You can also use what you learned above to improve those prompts.

Conclusion

Using the steps above, we've transformed a lackluster query into one that can generate a full report for you. In minutes you can have a report that would have taken you days to write before. Mastering this new world of prompt engineering will greatly enhance how you do your day-to-day work. I myself have used it in the past month to learn how to program in Python. Who knows what else it is going to teach me?

What topics are you looking forward to learning about? Are there any prompt building techniques you love to use? Join the discussion below!

And for those curious, omphaloskepsis means navel gazing, i.e. a way of meditating on one's own thoughts. I look forward to doing a little of that myself in order to write more articles for you all. Happy prompting, folks!

DALL·E images were generated by the author.


Rasheed Farhat

Cybersecurity | Networking | System Administration

9 months

Since GenAI has limited capabilities for doing math, I found that it is efficient to ask ChatGPT to write Python code that solves a complex math problem, then run the code in a compiler to get the correct answer. It knows (how) to do it, just not the tool to calculate it internally.


More articles by Sean Todd
