QOTD - Spafford on Infosec as a Profession

The real value, chance for advancement and chance to make a difference, is in treating this really as a profession [...] It's very similar to what one might encounter in becoming a doctor, lawyer or college professor, where you have to devote yourself to life-long education and development and continuing to hone your skills. Part of being a professional is to actually continue to improve in what you're doing, rather than treating it simply as a job [...] I think it's time to also make the distinction between having a job and being part of a profession. Training will get you a job. Education - especially ongoing education - is part of being a professional and that's where I think the future really lies for many people in this field.
-- Professor Eugene H. Spafford, Executive Director, CERIAS at Purdue University

Note: emphasis is mine.

Src: Infosec Careers: The New Demands (see page 3 for actual quote)

QOTD on Mobile Phones & Security

The forthcoming ubiquity of near-field communication payment technology in smartphones is especially worrisome.

Two-factor authentication originally emerged because people couldn't trust computers. Using mobile phones as an identity factor defeats two-factor authentication.
-- Marc Maiffret, CTO of eEye Digital Security

Src: Analysis: the future of malware | Computerworld New Zealand

QOTD - Social Networks and You

When people make trust decisions with social networks, they don't always understand the ramifications. Today, you are far more knowable by someone who doesn't know you than ever before in the past.
-- Dr. Hugh Thompson, program chair of RSA Conferences.

QOTD on Theories and Models

As the field of information security matures, more attention and work naturally goes into establishing theories and models that could one day be used to predict or detect behaviors or incidents. The quote below, from Emanuel Derman's book "Models.Behaving.Badly", isn't about information security but about finance; however, I believe the lesson applies equally to our field.

The similarity of physics and finance lies more in their syntax than their semantics. In physics you’re playing against God, and He doesn’t change His laws very often. In finance you’re playing against God’s creatures, agents who value assets based on their ephemeral opinions. The truth therefore is that there is no grand unified theory of everything in finance. There are only models of specific things.

Src: Models.Behaving.Badly | Not Even Wrong Blog
(Hat tip to @oneraindrop for mentioning this blog post)