Study Guide: Alex for Cybersecurity Students

Your reference for applying AI to threat analysis, security assessments, lab work, certification study, and hands-on defensive practice. The prompts are ready to run and built around the real skills employers want, not just textbook definitions.


What This Guide Is Not

This is not a habit formation guide (see Self-Study Guide for that). This is a domain use-case library — how AI supports your cybersecurity education in practical, ethical, and professionally relevant ways.


Where to Practice These Prompts

Every prompt in this guide works with any AI assistant — ChatGPT, Claude, GitHub Copilot, Gemini, or whatever tool you prefer. The prompts are the skill; the tool is just where you type them. Pick the one you’re comfortable with and start today.

For an integrated experience, the Alex VS Code extension (free) was purpose-built for this workshop.

You don’t need a specific tool to benefit. You need the habit of thinking like an attacker to defend like a professional.


Core Principle for Cybersecurity Students

Cybersecurity is not about memorizing tools — it’s about understanding systems well enough to see where they break. The student who can explain why a vulnerability exists and what an attacker’s goal is will outperform the student who can run Nmap but cannot interpret the results. AI is your lab partner for thinking through attack paths, analyzing configurations, and building the mental models that make you dangerous to attackers — not to systems.

Ethics note: Every technique in this guide is for defensive, educational, and authorized use only. Never test, scan, or exploit systems without explicit authorization.


The Seven Use Cases

1. Threat Modeling and Risk Analysis

The cyber student’s analysis challenge: You can list OWASP Top 10 from memory, but can you look at a real application architecture and identify where it’s actually vulnerable? Threat modeling is the skill that separates someone who passed a certification from someone who can protect an organization.

Prompt pattern:

I am analyzing the security of [system description: web application / network architecture / cloud deployment / IoT setup].

Architecture details: [describe components — servers, databases, APIs, user access paths, network boundaries].

Help me:
1. Identify the attack surface — where is this system exposed?
2. Apply STRIDE analysis to each component (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
3. Rank the threats by likelihood and impact
4. Recommend specific, actionable mitigations — not just "use encryption" but what encryption, where, and why

Follow-up prompts:

An attacker has compromised [component]. What's their most likely next move? Map the lateral movement path.
The organization has budget for only three security improvements. Based on this threat model, which three give the most risk reduction?
I modeled this as having five threats. What am I missing? Challenge my threat model.

2. Lab Work and Hands-On Practice

The cyber student’s lab challenge: Labs are where knowledge becomes skill. But you often run into tool errors, misconfigurations, and dead ends that eat up your limited lab time. AI can help you troubleshoot faster, understand tool output, and maximize the learning from each lab session.

Prompt pattern:

I am working through a [lab type: penetration testing / network defense / forensics / incident response] exercise.

What I've done so far: [describe steps taken and results].
Current problem: [what I'm stuck on — error message, unexpected output, tool not behaving as expected].
My environment: [OS, tools, VMs, network setup].

Help me:
1. Diagnose what's happening — explain the output I'm seeing
2. Suggest the next step without giving away the full solution (I want to learn, not copy)
3. Explain the underlying concept this lab step is testing
4. Point out what I should be documenting as I go for my lab report

Follow-up prompts:

My Nmap scan returned [results]. Walk me through what each open port and service tells me about this target. What should I investigate first?
I captured network traffic in Wireshark. Here are the packets I see: [describe]. Help me identify what's normal and what's suspicious.
I'm setting up a virtual lab environment for [exercise]. What do I need, and what's the most common misconfiguration that wastes time?

3. Certification Exam Preparation

The cyber student’s certification challenge: CompTIA Security+, CySA+, Network+, CEH — certifications open doors, but the exams test scenario-based reasoning, not just vocabulary. The student who can analyze a scenario and choose the BEST answer (not just a correct one) passes; the one who memorized flashcards struggles with the application questions.

Prompt pattern:

I am studying for [certification: Security+ / CySA+ / Network+ / CEH / CISSP / other].
Exam date: [timeline].
Weak areas: [specific domains or topics I'm struggling with].

Generate 5 exam-style scenario questions on [topic]:
1. Make them realistic — multi-step scenarios with competing priorities
2. Include "best answer" questions where multiple options are partially correct
3. After each question, explain the reasoning for the correct answer AND why the distractors are wrong
4. Identify the exam objective being tested

Follow-up prompts:

I keep getting questions about [topic] wrong. Explain the underlying concept in a way that helps me reason through any variation, not just memorize this one answer.
Give me a study plan for the next [timeframe]. Prioritize the domains that carry the most weight and where I'm weakest.
Quiz me rapid-fire on [domain] — ten questions, increasing difficulty. Don't let me move on if I can't explain why my answer is right.

4. Security Policy and Documentation

The cyber student’s documentation challenge: In the real world, security professionals write more than they hack. Policies, procedures, risk assessments, incident reports, audit findings — the ability to communicate security concepts clearly to non-technical stakeholders is what gets you promoted.

Prompt pattern:

I need to write a [document type: security policy / risk assessment / incident report / vulnerability assessment / audit finding / security awareness training].

Context: [organization type, scope, audience].
Technical findings: [what I discovered or need to communicate].

Help me:
1. Structure this document according to industry standards (NIST, ISO 27001, CIS)
2. Translate technical findings into language the intended audience will understand
3. Include specific, actionable recommendations — not generic best practices
4. Identify what I'm missing — what would an auditor or CISO ask about that I haven't addressed?

Follow-up prompts:

I found a critical vulnerability. Help me write the finding report in a way that conveys urgency without creating panic — and includes a realistic remediation timeline.
Draft a security awareness training module on phishing for non-technical employees. Make it engaging, not condescending, and include realistic examples.
Review my incident response plan. What scenarios does it not cover? Where would it fall apart under stress?

5. Network and System Analysis

The cyber student’s systems challenge: Cybersecurity is built on networking and systems administration. You cannot defend what you do not understand. The students who struggle with security concepts often have gaps in their understanding of how networks, operating systems, and protocols actually work.

Prompt pattern:

I am analyzing [network diagram / system configuration / log output / firewall rules / access control setup].

Here is what I see: [paste or describe the configuration/output].

Help me:
1. Explain what this configuration does and what it's trying to accomplish
2. Identify security weaknesses or misconfigurations
3. Suggest hardening steps with specific settings, not just "harden the system"
4. Explain the attack this configuration is vulnerable to — from the attacker's perspective

Follow-up prompts:

Walk me through these firewall rules line by line. Which ones are too permissive? What would I change and why?
I see these logs from a Linux server: [paste]. Is there evidence of unauthorized access? Walk me through the forensic analysis.
Explain the TCP three-way handshake and then explain how a SYN flood attack exploits it. I can recite the steps but I don't deeply understand why the attack works.

6. Incident Response Practice

The cyber student’s response challenge: Incident response is a high-pressure activity where mistakes cost money and data. Students rarely get to practice this in school — you learn the framework but not the muscle memory. AI can simulate incident scenarios and coach your response in real time.

Prompt pattern:

Simulate an incident scenario for me:
Type: [malware outbreak / data breach / ransomware / insider threat / phishing campaign / DDoS].
Organization: [type and size — small business / enterprise / healthcare / financial].

Walk me through the incident step by step:
1. Give me the initial alert — what triggered the detection?
2. Let me decide what to investigate first. Tell me what I find.
3. Challenge my containment decisions — what are the tradeoffs?
4. Guide me through eradication, recovery, and lessons learned
5. At the end, grade my response — what did I do well and what would I do differently?

Follow-up prompts:

I chose to isolate the affected server. What data did I lose by doing that? What would I have gained by monitoring it longer? Help me think about the tradeoff.
The CEO wants to know "are we safe?" 30 minutes into the incident. Draft my verbal briefing — concise, honest, and not panic-inducing.
Post-incident: help me write a root cause analysis and lessons learned document. What process failures led to this, beyond the technical vulnerability?

7. Career and Specialization Planning

The cyber student’s career challenge: Cybersecurity has dozens of specializations — SOC analyst, pen tester, forensics, GRC, cloud security, threat intelligence, security architecture. Students who pick a direction early and build depth beat generalists in the job market. But the field is confusing to navigate from the outside.

Prompt pattern:

I am interested in [cybersecurity specialization] but I'm still in school at a community college.
My current skills: [courses completed, tools I know, any certifications].
What I enjoy most: [the parts of security that energize me].

Help me:
1. Map the realistic career path from community college to that specialization
2. Which certifications should I pursue and in what order?
3. What can I be doing right now — home labs, CTF competitions, open-source contributions — that builds real experience?
4. What does the job market for this specialization actually look like? Be honest about entry-level expectations and salary.

Follow-up prompts:

I want to build a home lab for [specialization]. What hardware and software do I need, and what should I practice?
Are there CTF competitions or bug bounties appropriate for my skill level? Help me find the right starting point so I don't get discouraged.
Review my resume for a SOC analyst entry-level position. What's missing, what's overselling, and how do I demonstrate hands-on skill without professional experience?

What Great Looks Like

After consistent use, you should notice:

The cybersecurity students who thrive with AI are the ones who use it to build deeper understanding of how systems work and break — not to shortcut the learning that makes them effective defenders.


Your AI toolkit: These prompts work in ChatGPT, Claude, Copilot, Gemini — and in the Alex VS Code extension, which was designed around them. Start with whatever you have. The skill transfers across all of them.

Your First Week: Practice Plan

Day | Task | Time
Day 1 | Run a threat model on a system from one of your current courses | 20 min
Day 2 | Generate 10 Security+ scenario questions on your weakest domain | 20 min
Day 3 | Walk through an incident response scenario — let AI be the attacker | 25 min
Day 4 | Analyze a network configuration for vulnerabilities using the analysis prompt | 20 min
Day 5 | Map your career specialization path and identify your next certification target | 15 min

Month 2–3: Advanced Applications

Lab Journal

After each lab session, preserve what you learned:

/saveinsight title="Lab: [exercise name]" insight="Objective: [what the lab tested]. Tools used: [list]. Key findings: [what I discovered]. Where I got stuck: [and how I solved it]. Security concept demonstrated: [underlying principle]. What I'd do differently: [reflection]." tags="cybersecurity,lab,hands-on"

Certification Progress Tracker

/saveinsight title="Cert: [certification name]" insight="Target date: [exam date]. Domains mastered: [list]. Domains needing work: [list]. Practice exam scores: [track progress]. Weak spot pattern: [what I keep getting wrong and why]." tags="cybersecurity,certification"

Continue your practice: Self-Study Guide — the 30/60/90-day habit guide.

Skills Alex brings to this discipline
bootstrap-learning incident-response distribution-security root-cause-analysis