Module 2 · Prompt Engineering for Practitioners

Manish Garg
Manish Garg Associate of (ISC)² · RingSafe
Apr 25, 2026
5 min read
Read as

Last updated: April 29, 2026

Beyond LinkedIn tips. Structured prompting, few-shot, JSON output, tool use, and how to ship reliable prompts that don’t silently regress.

Most “ChatGPT tips” content on LinkedIn is garbage. The real skill isn’t tricks — it’s structured thinking about input, examples, output format, and evaluation. By the end of this module, you’ll prompt like an engineer, not a hobbyist.

The 5 prompt structures that matter

1. Zero-shot

You give an instruction with no examples. Works for tasks the model has clearly seen during training:

Translate to French: "I love security."

Use when: simple, well-known transformations.

2. Few-shot

You include 2-5 input/output example pairs before the actual query. Dramatically boosts performance on classification, structured extraction, custom formats:

Classify CVE severity:

Input: "Remote code execution in Apache, public exploit"
Output: CRITICAL

Input: "Information disclosure on /admin endpoint"
Output: MEDIUM

Input: "Outdated jQuery version"
Output: LOW

Input: "{user_cve}"
Output:

3. Chain-of-thought (CoT)

Tell the model to “think step by step.” Boosts reasoning accuracy on math, logic, and multi-step problems:

Q: A company has 5,000 servers. 12% are misconfigured.
   Of those, 30% expose admin panels. How many servers expose admin panels?
A: Let me think step by step.
   Total servers: 5,000
   Misconfigured: 12% × 5,000 = 600
   Of misconfigured exposing admin: 30% × 600 = 180
   Answer: 180

4. Role + task + format

Set context, define task, specify output format. The professional pattern:

You are a senior cybersecurity analyst writing for a CTO.

Task: Summarise the following CVE in three sentences.

Format:
- Sentence 1: What the vulnerability is
- Sentence 2: What an attacker can do
- Sentence 3: Recommended action

CVE description: {raw_cve_text}

5. Constrained output (JSON mode)

Most modern APIs let you force JSON output that conforms to a schema. This eliminates parsing fragility:

{
  "model": "gpt-4o",
  "messages": [{"role": "user", "content": "Extract from CVE..."}],
  "response_format": {
    "type": "json_schema",
    "json_schema": {
      "name": "cve_triage",
      "schema": {
        "type": "object",
        "properties": {
          "severity": {"type": "string", "enum": ["LOW","MEDIUM","HIGH","CRITICAL"]},
          "affected_systems": {"type": "array", "items": {"type": "string"}},
          "exploit_available": {"type": "boolean"}
        },
        "required": ["severity","affected_systems","exploit_available"]
      }
    }
  }
}
Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants
← Previous · Module 1
Module 1 · AI Foundations — Tokens, Context & Cost
← Back to Academy Hub
Continue Learning

Other modules in this track

View all modules
Academy
Module 1 · Beginner

How LLMs actually work — tokenisation, context windows, embeddings, and the cost economics every Indian practitioner…

Apr 25, 2026 · 5 min read
Academy
Module 3 · Intermediate

APIs, vector databases, chunking strategies, agents — the moment AI goes from toy to production. Includes…

Apr 25, 2026 · 4 min read
Academy
Module 4 · Advanced

When APIs aren't enough — train, evaluate, deploy custom models on your own infra. LoRA, vLLM,…

Apr 25, 2026 · 4 min read