Blue Cross Shield's Senior Vulnerability Risk Manager, Wayne Nordstrom is currently enrolled at Champlain College in Burlington, Vermont. He holds a BS in Networks and Cybersecurity from the University of Maryland. With experience spanning five years, Wayne Nordstrom has competed in various cyber security-oriented tournaments, such as zero-day vulnerability tournaments.

A zero-day vulnerability is a software or hardware defect that has recently been discovered but is yet to be fixed. These vulnerabilities are often disclosed before security researchers and software developers become aware of them. As a result, they have less than enough time to correct it. Zero-day vulnerabilities, if left undiscovered by the wrong person, do not pose a cyber security threat. They merely represent an avenue through which cybercriminals can make a profit.

Once a weak point in the software or hardware has been established, hackers can create malware that takes advantage of it. This is called an "exploit code." Using the exploit code, hackers can carry out a zero-day attack to carry out various cybercrimes including identity theft.

Because a zero-day vulnerability, once discovered, might take days, weeks, or even months to patch, hackers try to keep knowledge of the vulnerability secret while they use the exploit code to make victims of software users.