## Gemini Prompt Engineering Notes

Prompt engineering helps improve the quality, relevance, and consistency of AI outputs. To increase the likelihood of the Gemini API to generate a similar report to the one our sponsor provided, we will be testing structured, specific prompts to control the model's randomness and prevent having to expend resources to train a model.

Gemini API Structure:
- User Inputs: Multimodal, allows prompts to include text, images, video, and audio
- System Instructions: Guide the model's behavior and provide context for the entire user interaction. We will definetly specify the output format to ensure it is saved into the database correctly.
    - Plan to test: Persona/role, output style/tone
- Configuration Parameters: Control content generation and fine-tune the model's reponse.

### Data From Sponsor

Questionnaire / Organization Profile Example

| Org Name | Email Domain | Website Domain | External IP | Do you require MFA to access email? | Do you require MFA to log into computers? | Do you require MFA to access sensitive data systems? | Does your organization have an employee acceptable use policy? | Does your organization do security awareness training for new employees? | Does your organization do security awareness training for all employees at least once per year? |
| :---: | :---: | :--: | :--: | :--: | :--: | :--: | :--: | :--: | :--: |
| Valier School District | valier.k12.mt.us | www.valier.k12.mt.us | 216.220.16.170 | Yes | Yes | Yes | Yes | Yes | Yes |

DNS DIG on Email Domain

``` 
id 49113
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
valier.k12.mt.us. IN ANY
;ANSWER
valier.k12.mt.us. 3600 IN SOA cudess1.umt.edu. dns-request.umt.edu. 2024030501 21600 900 1209600 86400
valier.k12.mt.us. 3600 IN NS ens-o1.umt.edu.
valier.k12.mt.us. 3600 IN NS cudess2.umt.edu.
valier.k12.mt.us. 3600 IN NS cudess1.umt.edu.
valier.k12.mt.us. 3600 IN A 216.239.38.21
valier.k12.mt.us. 3600 IN A 216.239.32.21
valier.k12.mt.us. 3600 IN A 216.239.34.21
valier.k12.mt.us. 3600 IN A 216.239.36.21
valier.k12.mt.us. 3600 IN MX 1 aspmx.l.google.com.
valier.k12.mt.us. 3600 IN MX 10 aspmx2.googlemail.com.
valier.k12.mt.us. 3600 IN MX 10 aspmx3.googlemail.com.
valier.k12.mt.us. 3600 IN MX 5 alt1.aspmx.l.google.com.
valier.k12.mt.us. 3600 IN MX 5 alt2.aspmx.l.google.com.
valier.k12.mt.us. 3600 IN TXT "v=spf1 include:_spf.google.com include:mg.infinitecampus.org -all"
;AUTHORITY
;ADDITIONAL
```

DNS DIG on Email DMARC Domain

```
id 45565
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
_dmarc.valier.k12.mt.us. IN ANY
;ANSWER
_dmarc.valier.k12.mt.us. 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@valier.k12.mt.us"
;AUTHORITY
;ADDITIONAL
```

Port Scan on Web

```
--------------------------------------------------
Scanning Target: 216.239.32.21
Scanning started at:2025-07-18 22:09:34.408091
--------------------------------------------------
Port 80 is open
Port 443 is open
```

Port Scan on External IP

```
--------------------------------------------------
Scanning Target: 216.220.16.170
Scanning started at:2025-07-18 22:12:17.055226
--------------------------------------------------
no ports open
```

### Sample Prompt from Sponsor

Given this DNS DIG, Port scan of the website, Port scan of the firewall, and the answers to the security questionnaire, write a report on the cybersecurity readiness of the organization.

### Example Report from Sponsor, Generated from ChatGPT

**Cybersecurity Readiness Report for Valier School District**

**Date:** July 18, 2025

**1. Overview**

This report evaluates the cybersecurity posture of Valier School District based on technical scans (DNS, DMARC, and port scanning) and a self-reported security questionnaire. The findings reflect a strong commitment to foundational cybersecurity practices across user access, email protection, network exposure, and staff awareness.

**2. Organizational Information**
- **Organization Name:** Valier School District
- **Email Domain:** valier.k12.mt.us
- **Website Domain:** www.valier.k12.mt.us
- **External IP (Firewall):** 216.220.16.170
- **Website Hosting IPs:** 216.239.32.21, 216.239.34.21, 216.239.36.21, 216.239.38.21
- **DNS Hosting:** Managed by University of Montana (umt.edu nameservers)

**3. Security Questionnaire Review**
| Security Control | Status |
| :--------------: | :----: |
| MFA for Email | Yes |
| MFA for Computer Login | Yes |
| MFA for Sensitive Systems | Yes |
| Acceptable Use Policy | Yes |
| New Employee Security Awareness Training | Yes |
| Annual All-Employee Security Training | Yes |

**Summary:** The district reports complete implementation of basic cyber hygiene practices, especially user authentication (Multi-Factor Authentication) and routine training. This indicates a proactive and policy-driven approach to risk mitigation.

**4. DNS & Email Security**

**DNS Records**
- DNS is managed by the University of Montana (cudess1.umt.edu, cudess2.umt.edu), suggesting centralized and professionally administered DNS.
- A records point to IPs within Google's network (likely Google Sites hosting for web content).
**MX Records (Email)**
- The district uses Google Workspace (Gmail) for email, as shown by multiple aspmx.l.google.com MX records.
- SPF record is correctly configured: v=spf1 include:_spf.google.com include:mg.infinitecampus.org -all
    - This helps mitigate spoofing by defining authorized mail senders.
**DMARC Record**
- A valid DMARC record exists with a **reject** policy: v=DMARC1; p=reject; rua=mailto:dmarc@valier.k12.mt.us
    - This instructs receiving servers to reject unauthenticated mail, providing strong protection against phishing.
**Conclusion:** DNS and email protections (SPF, DMARC, and hosting security) are configured correctly and follow best practices.

**5. Port Scanning Results**

**Website Hosting (Google IP: 216.239.32.21)**
- **Port 80 (HTTP):** Open
- **Port 443 (HTTPS):** Open
These are expected for a publicly accessible website and are typical for Google-hosted services.

**Firewall / External IP (216.220.16.170)**
- **All scanned ports are closed**
This is a strong sign of network perimeter hardening and good firewall configuration. No externally exposed services were found on the organization's primary IP.

**6. Risk Assessment & Readiness Summary**
| Category | Status | Notes |
| :------: | :----: | :---: |
| Authentication Security | Strong | MFA is required across key systems |
| Email Security | Strong | SPF and DMARC with "reject" policy in place |
| Network Exposure | Secure | No exposed services on the external firewall IP |
| Web Hosting | Secure | Google-hosted; limited attack surface |
| Policy & Training | Comprehensive | Acceptable use policies and regular training in place |

**7. Recommendations**
Although the cybersecurity readiness is solid, continuous improvement is essential. We recommend the following:
1. **Verify DKIM**: While SPF and DMARC are configured, ensure **DKIM** is also active for all sending domains.
2. **Vulnerability Scanning**: Consider regular internal and external vulnerability assessments of network devices and servers.
3. **Incident Response Plan**: Document and regularly test a cybersecurity incident reponse and disaster recovery plan.
4. **Asset Inventory**: Maintain a regularly updated inventory of hardware/software assets and monitor for unauthorized changes.
5. **Third-party Risk**: Evaluate vendors (e.g., Infinite Campus) for their security psture, especially since they're included in SPF.

**8. Conclusion**

Valier School District demonstrates a strong cybersecurity foundation, particularly in authentication, email protection, staff training, and perimeter security. Continued vigilance and regular audits will help maintain and improve this strong security posture.

**Prepared by:**

Cybersecurity Assessment Team

**Date:** July 18, 2025

## Testing Gemini API

[Gemini Models](https://ai.google.dev/gemini-api/docs/models)

In [3]:
import os
import google.generativeai as genai
from dotenv import load_dotenv, find_dotenv

load_dotenv(find_dotenv())
genai.configure(api_key=os.environ["GEMINI_API_KEY"])
model = genai.GenerativeModel('gemini-2.5-pro')

  from .autonotebook import tqdm as notebook_tqdm


In [4]:
# Test response
response = model.generate_content("Explain the concept of cybersecurity in simple terms.")
print(response.text)

Of course! Here is an explanation of cybersecurity in simple terms, using an analogy.

### Imagine Your Digital Life is a House

Think of all your online information—your email, bank account, social media, photos—as being inside your house.

*   **Your Data is Your Stuff:** Your money, photos, and private documents are the valuable things you keep inside.
*   **Your Devices are the Doors & Windows:** Your phone, laptop, and tablet are the ways to get into your house.
*   **Your Passwords are the Keys:** You need the right key to open a door.

**Cybersecurity, in this case, is simply your home security system.**

It’s everything you do to protect your house and the valuable stuff inside from burglars (hackers and scammers).

---

### What a Home Security System (Cybersecurity) Includes:

1.  **Strong Locks (Strong Passwords)**
    You wouldn't use the same flimsy key for your front door, back door, and car. Similarly, you should use different, complex passwords for each of your online a

In [None]:
import json

model = genai.GenerativeModel('gemini-2.5-pro')

prompt_text = 'Prompt:\nGiven this DNS DIG, Port scan of the website, Port scan of the firewall, and the answers to the security questionnaire, write a report on the cybersecurity readiness of the organization.'

context1_text = 'Context:\n'
context2_text = 'Context:\n'

example_text = 'Example:\n' + prompt_text

filepaths = ["test_questionnaire.json", "test_port_scan_external_ip.json", "test_port_scan_web.json", "test_dns_dig_email.json", "test_dns_dig_email_dmarc.json", "test_sample_report.json"]
sample1_filepaths = ["sample1_questionnaire.json", "sample1_dns_dig_email_dmarc.json" ,"sample1_dns_dig_email.json", "sample1_port_scan_external_ip.json", "sample1_port_scan_web.json"]
sample2_filepaths = ["sample2_questionnaire.json", "sample2_dns_dig_email_dmarc.json", "sample2_dns_dig_email.json", "sample2_port_scan_external_ip.json", "sample2_port_scan_web.json"]

for file in filepaths:
    try:
        with open(file, 'r', encoding='utf-8') as f:
            data = json.load(f)
            example_text += f"{file}:\n{json.dumps(data,indent=2)}\n--\n"

    except FileNotFoundError:
        f"[ERROR] File not found at path: {file}"
    except json.JSONDecodeError:
        f"[ERROR] Failed to decode JSON from file: {file}. Please check the file's syntax"
    except Exception as e:
        f"[ERROR] An unexpected error occurred: {e}"

print("=======  Example ==========")
print(example_text)
print("===========================")

for file in sample1_filepaths:
    try:
        with open(file, 'r', encoding='utf-8') as f:
            data = json.load(f)
            context1_text += f"{file}:\n{json.dumps(data,indent=2)}\n--\n"

    except FileNotFoundError:
        f"[ERROR] File not found at path: {file}"
    except json.JSONDecodeError:
        f"[ERROR] Failed to decode JSON from file: {file}. Please check the file's syntax"
    except Exception as e:
        f"[ERROR] An unexpected error occurred: {e}"

print("======== Sample 1 =========")
print(prompt_text)
print(context1_text)
print("===========================")

for file in sample2_filepaths:
    try:
        with open(file, 'r', encoding='utf-8') as f:
            data = json.load(f)
            context2_text += f"{file}:\n{json.dumps(data,indent=2)}\n--\n"

    except FileNotFoundError:
        f"[ERROR] File not found at path: {file}"
    except json.JSONDecodeError:
        f"[ERROR] Failed to decode JSON from file: {file}. Please check the file's syntax"
    except Exception as e:
        f"[ERROR] An unexpected error occurred: {e}"

print("======== Sample 2 =========")
print(prompt_text)
print(context2_text)
print("===========================")

Example:
Prompt:
{"text": "Given this DNS DIG, Port scan of the website, Port scan of the firewall, and the answers to the security questionnaire, write a report on the cybersecurity readiness of the organization."}
Context:
test_questionnaire.json:
{
  "text": {
    "Organization Name": "Valier School District",
    "Email Domain": "valier.k12.mt.us",
    "Website Domain": "www.valier.k12.mt.us",
    "External IP": "216.220.16.170",
    "Do you require MFA to access email?": "Yes",
    "Do you require MFA to log into computers?": "Yes",
    "Do you require MFA to access sensitive data systems?": "Yes",
    "Does your organization have an employee acceptable use policy?": "Yes",
    "Does your organization do security awareness training for new employees?": "Yes",
    "Does your organization do security awareness training for all employees at least once per year?": "Yes"
  }
}
--
test_port_scan_external_ip.json:
{
  "text": "--------------------------------------------------\nScanning 

In [36]:
import json
import markdown
import google.generativeai as genai
import re

def markdown_to_html(text_content, output_filename="output.html"):
    try:
        json_match = re.search(r'```json\s*(.*?)\s*```', text_content, re.DOTALL)
        if json_match:
            json_string = json_match.group(1).strip()
            try:
                data = json.loads(json_string)
                markdown_content = data.get("text", "")
            except json.JSONDecodeError:
                print("Warning: JSON inside the code block is not valid. Treating entire content as plain text.")
                markdown_content = text_content
        else:
            try:
                data = json.loads(text_content)
                markdown_content = data.get("text", "")
            except json.JSONDecodeError:
                markdown_content = text_content

        if isinstance(markdown_content, str):
            html_output = markdown.markdown(markdown_content, extensions=['tables', 'fenced_code'])
        else:
            print(f"Error: Markdown content is not a string, it's a {type(markdown_content)}")

        full_html = f"""
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Markdown Export</title>
    <style>
        body {{ font-family: sans-serif; line-height: 1.6; margin: 2rem; }}
        h1, h2, h3, h4, h5, h6 {{ color: #333; }}
        pre {{ background-color: #f4f4f4; padding: 1rem; border-radius: 5px; overflow-x: auto; }}
        code {{ font-family: monospace; }}
        blockquote {{ border-left: 4px solid #ccc; padding-left: 1rem; color: #666; }}
        table {{ border-collapse: collapse; width: 100%; margin: 1rem 0; }}
        th, td {{ border: 1px solid #ddd; padding: 8px; text-align: left; }}
        th {{ background-color: #f2f2f2; }}
    </style>
</head>
<body>
{html_output}
</body>
</html>
"""
        with open(output_filename, "w", encoding="utf-8") as f:
            f.write(full_html)

        print(f"Successfully converted Markdown to {output_filename}")

    except Exception as e:
        print(f"An unexpected error occurred: {e}")

In [None]:
# No cleaning up of the data
response = model.generate_content(contents=[prompt_text, context1_text + "\n" + example_text])
print(response.text)
markdown_to_html(response.text, "sample1_output_no_prompting.html")

Successfully converted Markdown to sample1_output_no_prompting.html


In [None]:
# No cleaning up of the data
response = model.generate_content(contents=[prompt_text, context2_text + "\n" + example_text])
print(response.text)
markdown_to_html(response.text, "sample2_output_no_prompting.html")

Successfully converted Markdown to sample2_output_no_prompting.html


In [None]:
prompt_text = 'Prompt:\nGiven this DNS DIG, Port scan of the website, Port scan of the firewall, and the answers to the security questionnaire, write a report on the cybersecurity readiness of the organization. Please respond in markdown format.'

response = model.generate_content(contents=[prompt_text, context1_text + "\n" + example_text])
print(response.text)
markdown_to_html(response.text, "sample1_output_markdown_prompt.html")

print("==============================")

response = model.generate_content(contents=[prompt_text, context2_text + "\n" + example_text])
print(response.text)
markdown_to_html(response.text, "sample2_output_markdown_prompt.html")

Successfully converted Markdown to sample1_output_markdown_prompt.html
Successfully converted Markdown to sample2_output_markdown_prompt.html
