Claude Prompts for IT & Security

Produce an asset management policy covering hardware lifecycle, software inventory, ownership, return, and audit cadence.

Produce a capacity planning memo that turns growth assumptions and current utilization into specific infrastructure asks and risks.

Produce a complete CI/CD pipeline design — stages, tools, security gates, environments — for a new service shipping to production.

Produce a written deployment strategy document with rationale, mechanics, rollback procedure, and risk tradeoffs for a specific service.

Audit a Dockerfile for security vulnerabilities, image bloat, layer inefficiency, and production-readiness issues.

Produce a role-aware IT onboarding checklist covering accounts, hardware, access, training, and day-1/week-1/month-1 milestones.

Generate a structured gap analysis comparing your current security posture to the FedRAMP-Moderate baseline, with prioritized remediation plan.

Convert a messy helpdesk ticket queue into a categorized, prioritized triage list with assignment recommendations and patterns to address.

Produce a service-specific incident response playbook covering severity, roles, comms, common failure modes, and recovery steps.

Write a calm, factual status page update during an active incident that tells customers what is broken, what you know, and when they will hear next, without over-promising.

Draft a factual insider risk incident narrative for internal review, covering timeline, evidence, scope, and next-step recommendations without prejudging intent.

Convert a recurring helpdesk question or ad-hoc FAQ into a clean, scannable knowledge base article that deflects future tickets.

Audit Kubernetes manifests for security context, resource limits, probes, PodSecurity compliance, and HA correctness.

Design a realistic, ethical phishing simulation campaign with templates, success metrics, and a remediation path that doesn't humiliate employees.

Convert raw incident notes into a structured blameless postmortem with timeline, contributing factors, and tracked action items.

Turn an alert definition into a complete runbook entry with diagnostics, mitigations, and escalation guidance for the on-call engineer.

Generate a practical secrets management policy that engineers will actually follow — covering storage, rotation, access, and incident handling.

Produce honest, legally-defensible customer communication about a security incident — covering what happened, impact, what we did, and what customers should do.

Produce an acceptable use policy that employees will read, understand, and follow — clear about what's allowed, what isn't, and consequences.

Produce a complete SLO definition with SLIs, error budgets, alerting policy, and consequences when the budget is exhausted.

Draft a SOC 2 Type II control narrative section that maps cleanly to federal contractor expectations, including NIST 800-53 control crosswalk.

Generate a SOC 2 control narrative that maps a specific Trust Services Criterion to your actual implementation, evidence, and testing approach.

Audit a Terraform module for security misconfigurations, drift risk, naming, state hygiene, and reusability issues.

Conduct a structured third-party risk assessment of a SaaS vendor — security posture, data handling, contractual gaps, and recommendations.

Apply the STRIDE methodology to a system architecture and produce a prioritized list of threats with mitigations.

Convert raw vulnerability scanner output into a prioritized, contextualized remediation list with owners, deadlines, and false-positive flags.