
From Generic Toolkits to Personalized Cyber Guidance at Scale
Protagona partnered with a leading cybersecurity nonprofit to design and deploy a production-ready RAG-based recommendation engine in three weeks — translating complex security frameworks into prioritized, context-aware guidance for organizations worldwide.
Industry
Nonprofit
Teams & Services
AI/ML, Back-End, Cloud Architecture, Data Engineering
Tech & Tools
AWS Lambda, Amazon S3, Amazon DynamoDB, AWS AppSync, GraphQL, Amazon Bedrock, Amazon Lex, Vector Embeddings, RAG, Python
Key Data Points
The Vision
Reducing cyber risk for organizations that lack dedicated security resources is the core mission of this nonprofit — translating complex frameworks into actionable guidance for small businesses, nonprofits, and communities worldwide. As leadership looked to scale that impact, they recognized an opportunity to move beyond static toolkits and deliver advice that responds to each organization's specific security posture, location, and context. An AI-powered assessment engine would allow the team to serve a far broader audience with far more relevant recommendations than any manual or template-driven approach could achieve. This engagement was the first step toward that vision: a production-ready proof of concept designed to validate the architecture, sharpen the approach, and give the team a durable foundation to build on.
The Goal
The project aimed to design and deliver a working AI recommendation system within three weeks. Success meant a fully functional RAG pipeline ingesting the organization's cybersecurity frameworks and training materials, a two-stage maturity assessment capable of scoring organizations on a one-to-five scale, and a structured API returning prioritized, context-aware recommendations that the product team could integrate directly into their user interface without additional transformation work.
The Challenge
The core challenge was building a system that could do something genuinely difficult: take a short set of assessment responses from an organization anywhere in the world, understand their specific security gaps and context, and return guidance that felt tailored rather than generic. That required connecting several distinct capabilities into a coherent pipeline. The RAG system needed to ingest a heterogeneous library of frameworks, toolkits, and training documents — spanning Word, Markdown, and plain text formats — chunk and embed them reliably, and retrieve the most relevant content for each unique organizational profile. The recommendation layer then had to synthesize that retrieved content with organizational context, including entity type, geography, and specific concerns, into structured outputs with categories, priorities, and effort estimates.
Delivering all of this within a three-week engagement, inside the organization's own AWS environment, with full documentation and a handoff-ready system, left little slack in the schedule. The ingestion pipeline also had to be fully automated from the moment a file landed in S3, so new documents and content updates could flow in without any engineering intervention.
The Solution
Protagona designed a two-stage assessment and recommendation architecture built entirely on AWS. The ingestion layer automates the full content lifecycle: when a document is uploaded to S3, a Lambda function chunks it, generates vector embeddings, deduplicates content by comparing content hashes against those already registered, and records the results in DynamoDB. Fixed-size chunking with overlap keeps a passage that straddles a chunk boundary intact in the neighboring chunk, so retrieval does not lose context at the cut. Because the pipeline is event-driven, the organization can expand or refresh its knowledge base simply by uploading files, without engineering intervention; the corollary is that write access to that bucket is effectively write access to the guidance the system produces, so it should be restricted accordingly.
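To make the ingestion step concrete, here is an added example (not Protagona's or the nonprofit's code) of the two mechanisms the paragraph names: fixed-size chunking with overlap and hash-based deduplication. The DynamoDB table is stood in for by an in-memory registry whose put_if_absent mimics a conditional write, the sample document and S3 key are constructed, and embedding is omitted because it needs a model endpoint; the names Chunk, ChunkRegistry and ingest are assumptions.

```python
"""Ingestion helpers: fixed-size chunking with overlap and hash dedup.

Added example, not Protagona's or the nonprofit's code. The DynamoDB
table is stood in for by an in-memory registry and embedding is omitted,
so the block runs offline; the S3 key and SAMPLE_DOC are constructed.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class Chunk:
    doc_key: str   # S3 object key the chunk came from (assumed naming)
    index: int     # position of the chunk within its document
    text: str
    sha256: str    # hash of the normalised text; the dedup key


def chunk_text(text: str, size: int = 400, overlap: int = 80) -> list:
    """Fixed-size windows that overlap by `overlap` characters, so a sentence
    cut at one chunk's end is still whole at the start of the next."""
    if size <= 0 or not 0 <= overlap < size:
        raise ValueError("need size > 0 and 0 <= overlap < size")
    step = size - overlap
    chunks, start = [], 0
    while start < len(text):
        chunks.append(text[start:start + size])
        if start + size >= len(text):
            break           # last window already reached the end of the text
        start += step
    return chunks


def content_hash(text: str) -> str:
    """SHA-256 of whitespace-normalised text, so a re-upload that only
    differs in line wrapping still dedups. Hashing per chunk rather than
    per file means a revised document only adds the chunks that changed."""
    return hashlib.sha256(" ".join(text.split()).encode("utf-8")).hexdigest()


class ChunkRegistry:
    """In-memory stand-in for the DynamoDB table keyed by content hash.
    put_if_absent plays the role of a conditional PutItem with
    ConditionExpression 'attribute_not_exists(sha256)' (assumed schema),
    which makes the S3-triggered Lambda safe to re-run on the same object."""

    def __init__(self):
        self._items = {}

    def put_if_absent(self, chunk: Chunk) -> bool:
        if chunk.sha256 in self._items:
            return False
        self._items[chunk.sha256] = chunk
        return True

    def __len__(self) -> int:
        return len(self._items)


def ingest(doc_key: str, text: str, registry: ChunkRegistry,
           size: int = 400, overlap: int = 80) -> dict:
    """What the per-object Lambda would do: chunk, hash, register what is new.
    Embedding (omitted here) would run only for chunks that were registered,
    which is where the dedup actually saves cost. Dedup is by content only:
    identical boilerplate in two documents is stored once, attributed to
    whichever document arrived first."""
    new = dup = 0
    for i, piece in enumerate(chunk_text(text, size, overlap)):
        if registry.put_if_absent(Chunk(doc_key, i, piece, content_hash(piece))):
            new += 1
        else:
            dup += 1
    return {"doc_key": doc_key, "new_chunks": new, "duplicate_chunks": dup}


# Constructed sample document: twenty distinct one-line controls.
SAMPLE_DOC = " ".join(
    f"Control {n}: description of safeguard number {n} for small organisations."
    for n in range(1, 21))

if __name__ == "__main__":
    reg = ChunkRegistry()
    print(ingest("frameworks/controls.md", SAMPLE_DOC, reg))   # all chunks new
    print(ingest("frameworks/controls.md", SAMPLE_DOC, reg))   # all duplicates
```

Running the same object through ingest twice is the case that matters in practice, since S3 event notifications can be delivered more than once and authors re-upload unchanged files; the second pass registers nothing and would trigger no embedding calls.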
The recommendation engine accepts JSON inputs containing an organization's assessment responses, profile, and location. A prompt engineering layer queries the vector store for the framework excerpts most relevant to that profile and passes them, together with the organizational context, to the LLM via Amazon Bedrock. The model returns a structured response: a personalized summary, three to five prioritized recommendations with effort ratings and source references, and suggested search queries for deeper exploration. That response is exposed through a GraphQL API on AWS AppSync so the frontend can consume it directly. The engagement closed with full knowledge transfer, including architecture diagrams, a system ReadMe, and training sessions, so the client team can operate and extend the system independently.
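Because the model's output is the API contract, a practitioner would validate it before AppSync returns it: the field names, the three-to-five count, the allowed priority and effort values, and that every source reference points at a chunk that was actually retrieved for this request, so the model cannot cite material it was never shown. The following is an added example, not the engagement's code; the field names (summary, recommendations, sources, search_queries), the chunk-id scheme, and the sample model output are assumptions constructed for illustration.

```python
"""Validate a structured recommendation response before it is served.

Added example, not the engagement's code. Field names, the chunk-id
scheme ("<doc>#<chunk index>") and the sample model output are assumed.
"""
import json
from typing import Optional

PRIORITY_ORDER = {"high": 0, "medium": 1, "low": 2}
EFFORTS = {"low", "medium", "high"}
MIN_RECS, MAX_RECS = 3, 5
MAX_QUERIES = 5


class InvalidModelOutput(ValueError):
    """The reply breaks the contract; the caller should retry the Bedrock
    call rather than forward a broken payload to the frontend."""


def parse_model_output(raw: str) -> dict:
    """Take the outermost JSON object from the reply (models often wrap it
    in prose) and refuse anything that is not an object."""
    start, end = raw.find("{"), raw.rfind("}")
    if start == -1 or end < start:
        raise InvalidModelOutput("no JSON object in model output")
    try:
        obj = json.loads(raw[start:end + 1])
    except json.JSONDecodeError as exc:
        raise InvalidModelOutput(f"malformed JSON: {exc}") from None
    if not isinstance(obj, dict):
        raise InvalidModelOutput("top level is not an object")
    return obj


def _clean_recommendation(rec: dict, retrieved_ids: set) -> Optional[dict]:
    """Normalise one recommendation; return None if it cites nothing that
    was actually retrieved for this request (a hallucinated reference)."""
    for key in ("title", "category", "priority", "effort"):
        if not isinstance(rec.get(key), str) or not rec[key].strip():
            raise InvalidModelOutput(f"recommendation missing {key}")
    priority = rec["priority"].strip().lower()
    effort = rec["effort"].strip().lower()
    if priority not in PRIORITY_ORDER or effort not in EFFORTS:
        raise InvalidModelOutput(f"bad priority/effort: {priority}/{effort}")
    sources = rec.get("sources", [])
    if not isinstance(sources, list):
        raise InvalidModelOutput("sources is not a list")
    grounded = [s for s in sources if isinstance(s, str) and s in retrieved_ids]
    if not grounded:
        return None
    return {"title": rec["title"].strip(), "category": rec["category"].strip(),
            "priority": priority, "effort": effort, "sources": grounded}


def validate_recommendations(obj: dict, retrieved_ids: set) -> dict:
    """Enforce the shape the frontend relies on and strip ungrounded items."""
    summary = obj.get("summary")
    if not isinstance(summary, str) or not summary.strip():
        raise InvalidModelOutput("missing summary")
    recs = obj.get("recommendations")
    if not isinstance(recs, list) or len(recs) > MAX_RECS:
        raise InvalidModelOutput(f"expected a list of at most {MAX_RECS} items")
    clean, dropped = [], 0
    for rec in recs:
        if not isinstance(rec, dict):
            raise InvalidModelOutput("recommendation is not an object")
        cleaned = _clean_recommendation(rec, retrieved_ids)
        if cleaned is None:
            dropped += 1          # cited only chunks we never retrieved
        else:
            clean.append(cleaned)
    if len(clean) < MIN_RECS:
        raise InvalidModelOutput(f"only {len(clean)} grounded items, need {MIN_RECS}")
    clean.sort(key=lambda r: PRIORITY_ORDER[r["priority"]])   # stable within a tier
    queries = obj.get("search_queries", [])
    if not isinstance(queries, list):
        queries = []
    queries = [q.strip() for q in queries if isinstance(q, str) and q.strip()]
    return {"summary": summary.strip(), "recommendations": clean,
            "search_queries": queries[:MAX_QUERIES], "dropped": dropped}


def review_response(raw: str, retrieved_ids: set) -> dict:
    return validate_recommendations(parse_model_output(raw), retrieved_ids)


# Constructed sample: chunk ids the retriever returned for this request, and a
# model reply that wraps its JSON in prose and cites two chunks never retrieved.
SAMPLE_RETRIEVED = {"ctrl-guide#3", "ctrl-guide#7", "phishing-kit#1"}
SAMPLE_RAW = "Here is your personalised plan:\n" + json.dumps({
    "summary": "A 12-person nonprofit with shared admin passwords and no backups.",
    "recommendations": [
        {"title": "Turn on MFA for all email and admin accounts", "category": "Identity",
         "priority": "High", "effort": "Low", "sources": ["ctrl-guide#3"]},
        {"title": "Set up automated offline backups", "category": "Resilience",
         "priority": "Medium", "effort": "Medium", "sources": ["ctrl-guide#7", "chunk-999"]},
        {"title": "Run a phishing awareness session", "category": "People",
         "priority": "Low", "effort": "Low", "sources": ["phishing-kit#1"]},
        {"title": "Deploy an enterprise SIEM", "category": "Detection",
         "priority": "Low", "effort": "High", "sources": ["chunk-424"]},
    ],
    "search_queries": ["MFA setup for Microsoft 365", "backup 3-2-1 rule", " "],
}) + "\nLet me know if you need more detail."

if __name__ == "__main__":
    print(json.dumps(review_response(SAMPLE_RAW, SAMPLE_RETRIEVED), indent=2))
```

The grounding check is the part that matters for a guidance product: a recommendation whose only citation is a chunk id that was never retrieved is dropped rather than served, and if that leaves fewer than three recommendations the request is failed so the caller can regenerate, instead of the frontend quietly receiving a thinner answer than the contract promises.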
