Proper Tools
Hard Problems Made Legible
Independent advisory practice on systemic infrastructure risk and long-horizon failure modes.
Commons text

The Hippocratic Oath of the Cybersecurity Practitioner

An oath.

For practitioners, by practitioners — on what the work is, and what it is for.

Published: 2026-04-23 ∶ Proper Tools ∶ Commons
For the FIRST community ∶ For Felix “FX” Lindner ∶ For everyone still doing the work.

Primum non nocere.

I take up this craft in honesty—
about what it is, and what it is not.

I do not sort good and evil numbers.
I maintain imperfect coherence in adversarial conditions.
I will not pretend the work is cleaner than it is.
It is engineering, not theology.

The systems in my care belong to those who depend on them.
I serve their continuity, within the limits of what is lawful and what is right—
and I will not pretend these are always the same.

Capability is not permission.
That I can do a thing does not mean I may.
I will seek consent where it can be given,
and act with restraint where it cannot.

The same tools I use to defend can also do harm.
I will not confuse protection with domination.
When I cannot tell the difference,
I will say so.

I will tell the truth about what I find—
to those who can act,
in a manner and at a time that reduces harm.
I will not weaponize disclosure against the vulnerable,
and I will not bury it to protect the powerful.

I will honor those who came before,
and teach those who come after,
because this craft survives by what is carried forward.

I will say “I do not know” when I do not know.
I will not mistake confidence for competence,
nor process for judgment.

I will act under uncertainty,
knowing that delay can cause harm
and action can cause harm.
I will decide anyway,
and I will own the consequences.

I will fail.
When I do, I will account for it plainly,
repair what I can,
and carry the lesson forward
without concealment or excuse.

Those who depend on this work
will likely never know my name.
I will do it anyway,
to a standard I could defend to them
if they asked.

I will refuse work
that I believe causes more harm than it prevents,
even when refusal costs me.

I will remain teachable.
The tools will change.
The assumptions will fail.
The adversaries will evolve.
So must I.

And I will remember:
this work is not my life.

I have obligations beyond it—
to those I love,
to those who depend on me,
and to my own life.

I will not sacrifice these to the work.
They are what the work is for.