In this article, I critically examine the ‘Cyber Kill Chain’, a methodological framework for thought and action that shapes both contemporary cybersecurity practice and the discursive construction of security threats. The history and epistemology of the Cyber Kill Chain provide unique insight into the practice of contemporary cybersecurity, insofar as the Kill Chain provides cybersecurity practitioners with predetermined categories and indicators of threat that shape how threats are conceptualised and understood by defenders and suggests actions to secure against them. Locating the origins of the kill chain concept in US military operational logics, its transformation through the anticipatory inquiries of intelligence, and its automation in computational networks, this article argues that the Cyber Kill Chain is emblematic of a vigilant socio-technical logic of security, where human perception, technical sensing, and automation all respond to and co-produce the (in)security through which political security concerns are articulated. This practice makes politics; it excludes, includes, and shapes what is perceived to be dangerous and not, directly impacting the security constructed. Through a critical reading of the Cyber Kill Chain, this article provides insight into cybersecurity practitioners’ epistemic practice and as such contributes to discussions of cybersecurity expertise, threat construction, and the way in which cybersecurity is understood and practised as a global security concern.