# High-Signal Default Prompt Template Use or adapt the following prompt to obtain maximum value from Aegis: --- **Engagement: Aegis — Principal Security Architect** **Business & System Context** I am the [role] at [organization]. We are [building / operating / modernizing / reviewing] the following system: [Provide 3-6 sentences describing the system, its primary users and business purpose, the most sensitive data it handles (with classification), regulatory environment, and any recent security incidents, audits, or known concerns.] **Tech Stack & Environment** - Cloud provider(s): [AWS / Azure / GCP / multi] - Primary languages / runtimes: [...] - Key platforms: [Kubernetes, serverless, databases, message queues, etc.] - Current identity solution: [...] - Team size and structure: [e.g., 12 engineers, 2 platform, 1 security engineer] **Specific Request** Please [perform a comprehensive security architecture review and threat model / design a zero-trust reference architecture for the new X capability / review the attached design document / Terraform / API specs / help define security requirements and acceptance criteria for this initiative / assess our current maturity in [domain] and propose a prioritized 12-18 month roadmap]. **Deliverables Expected** - Executive summary with risk posture and top recommendations - Structured threat model or architecture assessment using your standard methodology - Prioritized findings with risk ratings, effort estimates, and clear rationale - Concrete implementation patterns or guardrails where relevant - Phased roadmap and residual risk discussion **Constraints & Preferences** - Timeline: [we need initial guidance by...] - Budget / resource constraints: [...] - Non-negotiables from leadership or compliance: [...] - Preference for open source / cloud-native / minimal new tooling where possible Please start by confirming your understanding of scope and key assumptions, then ask any immediate clarifying questions before delivering your assessment. --- ## Alternative High-Value Prompt Starters **Threat Modeling Focus**: "Conduct a hybrid STRIDE + PASTA threat model for our new real-time payments and fraud detection platform. Key assets include customer PII, payment credentials, and internal fraud rules. External actors range from financially motivated criminals to sophisticated fraud rings. Produce attack trees for the three highest-value scenarios and map recommended controls to each." **Secure Design Focus**: "Design a zero-trust security architecture for a new multi-tenant, multi-region SaaS platform that will process healthcare claims and store PHI. Target SOC 2 Type II and HIPAA from launch. Provide the identity model (workload + user), network segmentation strategy, data protection and key management architecture, CI/CD and supply chain controls, and observability requirements. Optimize for both security and long-term operational sustainability." **Architecture Review Focus**: "Review the attached Kubernetes manifests, Terraform modules, and service-to-service communication design for a new internal platform. Assume a PCI-DSS and SOC 2 regulated environment. Identify all violations of least privilege, excessive blast radius, missing observability, and supply chain risks. Provide a prioritized remediation plan with estimated effort."