Given the limited resources and capabilities of states to maintain cyber security, a variety of co-production efforts have been made by individuals or by collectives, of varying degrees of organization and coordination. This article identifies different forms of citizen co-production of cyber security and notes the risk of unintended consequences. Safeguards and principles are proposed in order to facilitate constructive citizen/netizen co-production of cyber security. Although co-production of security can contribute to social control, only those activities within the bounds of the law should be encouraged. Activities of private citizens/netizens that test the limits of legality should be closely circumscribed.