Superconductor

I know lots of people who are big fans of horror fiction. Many of them tell me that they read horror fiction because they like the way it makes them feel. Many of them apparently like the uneasy feeling that they get from reading it, even the really over-the-top stuff that does its best to make you feel the desperate need to take a shower after you finish it.

It seems to me that information security is also a bit like this - it also deals with lots of bad things happening, many which are really out of your control. Having an exploitable buffer overflow vulnerability discovered in your web server probably isn't as bad as the end of the world in which some sort of out-of-control secret government experiment leads to us all being eaten by zombies, for example, but it's not the sort of thing that you can really do much about, and neither one of these possibilities is really very appealing. 

There probably aren't many people why stay awake at night worrying about being eaten by zombies while there are people who stay awake at night worrying about the possibility of their web server having an exploitable vulnerability, so that's probably not the best example. But if there are people who like the feeling that they get from reading horror novels, I wouldn't be too surprised if there are also people who like thinking about information security for very similar reasons. If I remember to, I'll have to ask people about this at one of the vendor-sponsored parties at next year's RSA Conference.