AI for Cybersecurity Workshop
Interactive Lab Workbook
Complete these hands-on exercises to practice using AI as an augmentation tool for cybersecurity tasks. Write your responses in the spaces provided.
Name:
Date:
Module 1: Prompt Engineering Fundamentals
Lab: CRAFT Your Prompt
Transform a vague prompt into a well-structured request using the CRAFT framework. Fill in each element below to build your complete prompt.
Starting Prompt (Weak):
“Help me understand network security.”
Context
What background information does the AI need?
Role
What role should the AI take?
Action
What specific action do you want the AI to take?
Format
How should the output be structured?
Tone
What tone or style should the response have?
Module 2: The Augmentation Mindset
Lab: Automation to Augmentation
Transform these “do it for me” automation prompts into “help me think” augmentation conversations.
Automation Prompt 1:
“Explain how SQL injection attacks work.”
Hint: Think about what YOU already understand and what specific gaps you're trying to fill.
Your Augmentation Version:
Automation Prompt 2:
“Write a vulnerability assessment report for my class project.”
Hint: Share YOUR findings first and ask AI to help you analyze and present them better.
Your Augmentation Version:
Automation Prompt 3:
“Give me a study guide for the CompTIA Security+ exam.”
Hint: Use AI as a study partner who knows your starting point, not just a content generator.
Your Augmentation Version:
Module 3: Critical Evaluation
Lab: VERIFY Evaluator
Evaluate the following AI-generated study guide using the VERIFY framework.
AI-Generated Study Guide: SQL Injection
SQL Injection Attack Summary for Cybersecurity 101 What is SQL Injection? SQL injection is when attackers insert malicious SQL code into user inputs to manipulate databases. It's been the #1 web vulnerability since 2005. How It Works: 1. Attacker finds a login form or search box 2. Instead of normal input, enters SQL code like: ' OR '1'='1 3. The database executes the malicious query 4. Attacker gains unauthorized access or extracts data Example Vulnerable Code: query = "SELECT * FROM users WHERE username='" + input + "'" Prevention Methods: - Use parameterized queries (100% effective) - Input validation - Web Application Firewalls - Disable detailed error messages Practice This: Try using sqlmap on DVWA or HackTheBox - it's how real pentesters find SQLi. Fun Fact: The 2017 Equifax breach was caused by SQL injection!
What facts need to be verified? Was SQLi really #1 since 2005? Is 'parameterized queries 100% effective' accurate? Was Equifax actually SQLi?
Does the explanation flow logically? Are there gaps in reasoning a beginner couldn't follow?
What perspectives might be missing? What about UNION attacks, blind SQLi, or other prevention methods?
How well does this fit YOUR learning needs? Would sqlmap help on your exam? Does this match what your professor taught?
What's study-worthy vs. what might confuse you or be incorrect?
Based on what you've learned in class, what would you change or add?
Module 4: Domain Expertise + AI
Lab: Context Builder
Build a context-rich prompt by capturing your expertise and situation. Choose a task you need help with and fill in each section.
Task Type (circle one):
Brief description of what you need:
Your Background
What's your current level and what have you already learned? (year, courses, skills, tools)
Assignment Requirements
What are the specific requirements? (class name, due date, professor's rules, restrictions)
What You've Done So Far
What have you already tried or accomplished? Where are you stuck?
Learning Goals
What do you want to understand, not just complete? What do you need to explain to your professor?
Module 5: Hands-On Practice
Lab: Practice Exercises
Complete these practice exercises to reinforce your prompt engineering skills.
Transform Vague Prompts
Prompt: "Explain network security to me."
Task: Rewrite using the CRAFT framework. Include your current course, what you already know, the specific topic you're struggling with, and how it relates to an upcoming exam or assignment.
Automation to Augmentation
Prompt: "Write my lab report on the vulnerability scan I did."
Task: Rewrite as an augmentation prompt. Share what you found first, then ask AI to help you understand the findings better and suggest how to structure your analysis.
Evaluate AI Output
Prompt: Ask AI to explain a cybersecurity concept you're studying.
Task: Use VERIFY to evaluate: Does this match what your professor taught? Are there technical inaccuracies? What important details might be missing?
Leverage Your Expertise
Prompt: Choose a lab assignment or project you're working on.
Task: Before asking AI, write out: what class this is for, what you've already tried, where you're stuck, what tools you have access to, and what you need to learn.
The Refinement Loop
Prompt: Ask AI to help you understand a CTF challenge or lab exercise.
Task: Document your 5 rounds: (1) Initial question, (2) Clarification on confusing parts, (3) Simpler analogy, (4) Real-world application, (5) Practice problems.
Module 6: Ethical Considerations
Lab: AI Ethics for Students
For each scenario, decide whether it's appropriate to use AI for your coursework and explain your reasoning.
Having AI write the analysis section of your lab report
Why?
Asking AI to explain a confusing concept from lecture in different words
Why?
Copying AI-generated code directly into your programming assignment
Why?
Asking AI to suggest places to look when you're stuck on a CTF challenge
Why?
Using AI to generate your entire study guide for an exam
Why?
Asking AI to help debug why your script isn't working
Why?
Final Reflection
After completing all the labs, reflect on what you've learned about using AI in your studies.
What was your biggest insight from these exercises?
How will you use AI to help you learn (not just complete assignments)?
What study tasks will you use AI for, and where will you rely on yourself?
AI for Cybersecurity Workshop - Lab Workbook
Save this page as PDF using your browser's Print function (Ctrl/Cmd + P)