IT security certainly is an unusual business. The types and magnitudes of the threats we face today would be almost unimaginable just a few years ago. E-mail viruses have been with us since 1999 [1], but the delivery mechanisms have become more effective and more insidious. For years, security folks were warning us about the growing problems associated with identity theft, and we had been waiting quite some time for the inevitable big Internet worm that would succeed the Morris Worm of 1988 [2]. We now deal with these situations on a daily basis. Even so, much of what we face today, such as the proliferation of botnets -- armies of hijacked computers that can be rented out for nefarious purposes -- seems like something more appropriate for a cyberpunk novel than a civilized society.