This dissertation examines the role of cyber security companies in the production of contemporary cyber security. The increasing pressures to securitize cyberspace have contributed to the growth of a lucrative market oriented at providing cyber security products and services to commercial and government customers. Using a Bourdieu-inspired framework, the work: analyzes the historical conditions under which information technologies gained ground within security debates; identifies the positions and investigates the practices of cyber security companies within the cyber security field and analyzes the ongoing struggles for the production of cyber security. Risk-based thinking is a cornerstone of the process of conceiving and commercializing products and services advertised by companies. In this sense, it is argued that both risk-based thinking and the commercial practices of cyber security companies produce specific forms of security. The work identifies three distinct forms of security produced within the field: defensive security, offensive security and active defense. It analyzes the implications of each form to the overall security of cyberspace and argues that whilst the majority of companies adopt an active defense approach in their products and services, some of them are leaning towards more offensive solutions to deal with current risks. It concludes the analysis with some thoughts on the implications of the current dynamics of the cyber security market for security and Internet governance.