I’ve mentioned here and there that I hit around 586 miles of hiking from August 6 2014 – August 6 2015. Last year was the first time I ever hiked more than 6 miles. Ever.

300 miles were in Appalachian Trail Sections and most of the other 286 were in the Pacific Northwest (and most of those were done in the Olympic Mountains).

Im writing about the whole experience, slowly (using tons of emails during the AT hikes as the core), but I thought folks would appreciate having an idea of where I’ve been in summary form. If nothing else, putting this here helps keep the history and experiences straight in my head.

The first section of this post is a hike location/distance summary and the second section is an alphabetized list of the trails I’ve been on – including links to any pictures I have, any official information online, and brief trip notes on my part.

I also wrote up a Medium piece HERE on a recent hike and it sort of sums up how I feel about being out here in general – and has some gorgeous pictures of what is, essentially, my backyard :)

Enjoy.

Distance Summary

MILES HIKE STATE
300 Appalachian Trail NA
32 Enchanted Valley 1 WA
26 Enchanted Valley 2 WA
21 7 Lake Basin/High
Divide
WA
20.4 Thunder Creek WA
19.4 Hoh River Trail WA
15 Shi Shi Beach 1 WA
14 Upper Lena Lake WA
11.5 Marmot Pass WA
9 Surprise Lake WA
8.2 Dickerman WA
8.2 Ollalie/Talapus Lakes WA
8 Shi Shi Beach 2 WA
8 Yellowstone WY
7.5 Blanca Lake WA
7.4 Beckler Peak WA
7.2 Snow Lake 1 WA
7.2 Snow Lake 2 WA
6.4 Looking Glass Rock NC
6 Huntoon Point
Snowshoe
WA
6 Oyster Dome WA
6 South Lost Lake WA
5.4 Mt Plchuck (all) WA
5 Calypso Trail MT
4.6 Heather Lake WA
4 Mt Pilchuck (half) WA
4 Tiger Mountain #3 WA
4 Trillium Lake
Snowshoe
OR
3 Art Loeb Trail NC
2.4 Cresent Beach Trail OR

Details

(All visible pictures and all linked pictures are mine, save “Looking Glass”.  “ON” Denotes “Over Night Trip”)

7 Lake Basin/High Divide (Sol Duc Start, ON at Hoh Lake)

Info: http://www.wta.org/go-hiking/hikes/seven-lakes-basin

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157655624635779

Notes: We started out at Sol Duc, didn’t see much the first day – heavy clouds. Descended to Hoh Lake for the night – saw my first west coast bear! – then back up and around to Sol Duc. Jogged the last few miles; loved it. Would like to head back on clearer days. Im trying to wake up early enough one day to run the whole 18 mile loop in a single day.

7lakesbasin

Appalachian Trail Sections (VA, NC, TN)

Info:

My Pictures: https://www.flickr.com/photos/sintixerr/collections/72157657260626905/

Notes: Full narrative is still being edited. List of sections can be found based on album names in Flickr collection above.

appalachiantrail

 

Art Loeb Trail (Small Section, NC)

Info: http://www.hikewnc.info/trailheads/pisgah-national-forest/long-distance/art-loeb-trail/

My Pictures: https://www.flickr.com/photos/sintixerr/albums/72157657035518922

Notes: Just a quick get-out-and-hike-hike post-AT

artloeb

 Beckler Peak

Info: http://www.wta.org/go-hiking/hikes/beckler-peak

My Pictures: None (Surprisingly?)

Notes: Easy trail for a cool view at the top. A Meetup.com hike. Not sure where my pictures of this are…

 

Blanca Lake

Info: http://www.wta.org/go-hiking/hikes/blanca-lake

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157656647847278

Notes: Seriously the coolest lake I’ve ever been to – and coldest I’ve ever swam in. Amazing place, tough hike, loved it. Go if you can!

blanca

 

Calypso Trail (MT)

 Info: http://visitmt.com/listings/general/b-l-m-trail/calypso-trail.html

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157656643589080

Notes: Driving from DC to Seattle. Found this middle-of-nowhere trail right off the highway. One of the loneliest feeling places I’ve ever been…in a good way. Might have been a bit dumb driving my crappy Jeep Liberty over that bridge you see in the pictures. Alone. Twice.

calypso

 

Crescent Beach Trail (OR)

Info: http://alltrails.com/trail/us/oregon/crescent-beach-trail

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157650073411488

Notes: Another short hike, 90 miles west of Portland. Was my first trip to a beach you can only get to by hiking. Gorgeous beach, gorgeous day. Was held up for awhile by quite a few mountain goats taking their time munching on the trail.

crescentbeach

 

Mt. Dickerman

Info: http://www.wta.org/go-hiking/hikes/mount-dickerman

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157652514230984

Notes: Last hike of the Meetup.com fitness series I was a part of. One of my favorite hikes in Washington so far, but 4000 feet-ish in 4-miles-ish makes you work for it. Still – outstanding alpine meadows, wildflowers, and amazing views.

 dickerman

Enchanted Valley (Twice, ON)

 Info: http://www.wta.org/go-hiking/hikes/enchanted-valley

My Pictures (First Trip): https://www.flickr.com/photos/sintixerr/sets/72157653404525548

My Pictures (Second Trip): https://www.flickr.com/photos/sintixerr/sets/72157655624635779

Notes: Pics have multiple hikes mixed in them. I’ve Overnighted this trip twice. The first time, the Valley was closed so we stayed at Pyrites campsite then hiked most of the way to O’Neil Trail Junction before finding a bridge out. We turned around and headed back to Pyrites, then back to the TH the third day. The second trip we stayed in O’Neil Creek on night 1 then the Valley night 2, where we saw a bear fairly up close. My foot went out, so we ended up not going further again. I will get up that mountain to Anderson Glacier!

enchantedvalley 

Heather Lake

Info: http://www.wta.org/go-hiking/hikes/heather-lake-1

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157649754945494

Notes: Cute Lake. Pretty easy lake to hike to. Recommend J

heatherlake

 

Hoh Rain Forest River Trail (to Olympic Ranger Station, ON)

Info: http://www.wta.org/go-hiking/hikes/hoh-river-elk-lake

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157654176106783

Notes: Hikes through the Hoh Rainforest in a one-nighter. Stayed at the Olympic Ranger station, but made it another ¾ mile or so – and that last ¾ mile absolutely made the whole hike worth it.. Some of the prettiest, most magical, scenes I’ve ever been in. A walk through an enchanted tunnel with a couple of deer was particularly surreal. As were the faeries that came out of the log.

 hoh

Huntoon Point (Snowshoe via Artist’s Point)

Info: http://www.wta.org/go-hiking/hikes/huntoon-point

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157651366650818

Notes: This was my first “real” snowshoe and it was hard! But I was with some Mountaineers and our group was the one that didn’t turn around. Good for us because I’ve never ever been in such grand, amazing surroundings. Certainly not in the snow; too much Florida in my youth. Some of the best pictures Ive taken of the outdoors – they’re glorious.

baker

 

Looking Glass Rock (NC)

Info: http://www.romanticasheville.com/looking_glass.htm

My Pictures: Somewhere, still looking, so here are someone else’s:

http://www.main.nc.us/naturenotebook/hikes/pix/lookingglassrock.JPG

Notes: This was a quick fun post-AT hike while I was decompressing in Asheville (go AirBnB!). Cool looking mountain-stub-rounded-cliff-face-thing.

 

Marmot Pass (ON)

Info: http://www.wta.org/go-hiking/hikes/marmot-pass-upper-big-quilcene

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157649736351794

Notes: Led an overnight Meetup trip myself with a couple of guys I didn’t know. Got there earlier than expected and it was colder than expected. Not as cool as I thought it would be, although it was certainly gorgeous. On my list to return to this summer to go explore some of the connecting trails.

 marmot

Ollalie/Talapus Lakes

Info: http://www.wta.org/go-hiking/hikes/talapus-lake

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157648770946943

Notes: One of the Meetup.com fitness series hikes. Snow. :)

 talollielakes

Oyster Dome (Most)

Info: http://www.wta.org/go-hiking/hikes/oyster-dome

My Pictures: None

Notes: Didn’t quite make it to the top; it was terrible weather and nothing to see. We could’ve kept going, we just didn’t care. One of the Meetup.com fitness series hikes.

 

Mt. Pilchuck (Twice)

Info: http://www.wta.org/go-hiking/hikes/mount-pilchuck

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157653404525548

Notes: First trip I only made it about 2/3 of the way up. It was a fitness-building hike, I had 30lbs on by back, and hadn’t slept in almost a week. The second time I came back with my sister and her boyfriend and made it to the top and it was a lot easier and more fun than the first time (note: not the lookout, I didn’t feel up to scrambling)

 pilchuck

Shi Shi Beach (Twice)

Info: http://www.wta.org/go-hiking/hikes/north-shi-shi-access

My Pictures (first trip): https://www.flickr.com/photos/sintixerr/sets/72157650798832336

My Pictures (second trip): https://www.flickr.com/photos/sintixerr/sets/72157655624635779

Notes: First time was a meetup hike – my first in Washington State! We ended up walking back and forth along the beach several times – plus bushwhacked down a very old mining path to a lake deep into the woods (hence the trip length). TONS of coastal life everywhere. Second trip was with a friend and we spent a lot of time watching Seals.

 shishi

Snow Lake (Twice: Winter Snow, Summer Dry)

Info: http://www.wta.org/go-hiking/hikes/snow-lake-1

My Pictures (snow trip): https://www.flickr.com/photos/sintixerr/albums/72157650597387518

My Pictures (summer trip): https://www.flickr.com/photos/sintixerr/sets/72157656212384548

Notes: Did Snow Lake twice. The first time was in the winter in snow with microspikes. It was actually pretty easy – deceptively so. Going back, I took a first time hiker (old friend) who had a pretty tough time with the trail; it was way rockier and exposed to sun and heat than I remembered

snowlake

South Lost Lake (Not) 

Info: http://www.wta.org/go-hiking/hikes/south-lost-lake-trail

My Pictures: None

Notes: I actually don’t know where we ended up hiking; our hike leader couldn’t find the right trailhead. J Lost Lake remained lost.

 

Surprise Lake

Info: http://www.wta.org/go-hiking/hikes/surprise-lake-1

My Pictures: None

Notes: I’ve been told I was on this hike. I don’t remember it. Wait…I think it rained. A lot. Till we were soaked through our heaviest rain gear. Ugh. This is why I try not to remember it.

 

Thunder Creek (Far, ON)

Info: http://www.wta.org/go-hiking/hikes/thunder-creek-1

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157652334533772

Notes: Not as many classically scenic viewpoints as many other hikes, but it was really enjoyable – both the scenery and company. (I led several Meetup folks on this trip.)  We went past the standard WTA hike, but I cant quite recall where we stopped, except it was about 10.2 miles in. We didn’t do 4th of July pass or whatever.

 thunder

Tiger Mountain #3

Info: http://www.wta.org/go-hiking/hikes/west-tiger-3

My Pictures: Totally not worth it

Notes: Just a training hike alone. It was boring as sin. Got a decent distance up then just stopped and came back.

 

Trillium Lake Snowshoe

Info: http://www.fs.usda.gov/recarea/mthood/null/recarea/?recid=53514&actid=91

My Pictures: https://www.flickr.com/photos/sintixerr/albums/72157657342434570

Notes: This was a super easy snowshoe that I really screwed up and almost died during. It was flat and sunny out when I left, but I wore jeans, didn’t have a headlamp, and didn’t have a map – it was a circle after all – and it was my first snowshoe ever. It rained. Then it snowed. And it was getting dark. I was getting really cold and there were two exit options, both far, and one led to my car. I guessed and picked right.

trillium 

Upper Lena Lake

Info: http://www.wta.org/go-hiking/hikes/upper-lena-lake

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157653060933235

Notes: I almost died on this hike; really close. Fell off a ledge/stream/waterfall. Was inches from falling 40 feet.. landed 4 feet down instead. Beautiful area, but still feel sketch about going back. If it’s been wet out in the area, several areas are pretty tough. Went with two friends.

 lena

Yellowstone (Somewhere?)

Info:NA

My Pictures: https://www.flickr.com/photos/sintixerr/sets/72157653404525548

Notes: A random hike in Yellowstone. Was pretty, but the PNW has this particular hike beat on all accounts, even if the threat of grizzlies does add an edge. We did see 10’s of prairie dogs in one area and some geese being hysterical. Oh..and a lone wolf! Was with my sister and her boyfriend.

 yellowstone

So the results of the Mozilla Delphi project are out. I was one of the panelists – alongside some pretty well known names like Jane Hall Lute, Bruce Schneier, and some other big etc.’s.   You can find it here:

https://blog.mozilla.org/netpolicy/files/2015/07/Mozilla-Cybersecurity-Delphi-1.0.pdf

And some background here:

https://wiki.mozilla.org/Netpolicy/Cybersecurity_Delphi#Report_Now_Published

“Mozilla’s Cybersecurity Delphi 1.0 is a step to address this gap, by identifying and prioritizing concrete threats and solutions. Through the iterative structure of the Delphi method, we will build expert consensus about the priorities for improving the security of the Internet—infrastructure to protect public safety, sustain economic growth, and foster innovation. The Delphi method offers unique benefits in this context because it aggregates the input of a diverse, broad set of voices, using a discrete and defined process with a clear, fixed end point and a mechanism for non-attribution to encourage open and through engagement. “

Im still processing the results, many of which I adamantly disagree with, but what I think the report mainly shows is that “cybersecurity” isn’t a thing that exists outside of specific sets of contexts and perspectives and goals. It just goes…poof…and disappears as a concept if it’s not bracketed by material constraints. The all over the board nature of the responses seems to demonstrate that (even though Mozilla did a good job creating a narrative around them).

That said, I think there are some interesting points in the document and that it’s worth a read – at the very least you’ll get to see some of the filter biases of some very smart people (obviously including my own).  And those are worth knowing, because very often our human fears and backgrounds and perceptions are not reflective of actual risks and needs.

 

Today I saw an announcement for another cybersecurity leadership council filled with the usual suspects:

https://www.uschamber.com/press-release/us-chamber-announces-launch-cybersecurity-leadership-council?utm_source=Facebook&utm_medium=Wallpost&utm_campaign=Status

“When it comes to the cybersecurity of our networks, the private sector has the capabilities and the market has produced good solutions. Now we need to focus on mitigation of cyber risks through cross-sector information sharing efforts, public and private partnerships, and the improvement of cyber hygiene of businesses of all sizes,” said Howard Schmidt, a partner at Ridge-Schmidt Cyber, and chairman of the council.

Sigh. Let me give this to you all straight:

First, our cybersecurity exposure is fundamentally created by how businesses go about making money. It’s about corporate discipline, perception, culture, value chains, investment strategies, procurement, marketing, communication, trust, operational quality, etc. Cybersecurity state is NOT primarily a function of anything that happens in a CISO’s office, It has very little to do with Information Sharing (as typically defined in this conversation), and Public Private Partnership success depends on having some sort of comprehensive problem space model which precedes conclusions (and the language provided starts with conclusions without a consensus problem space model anywhere).

CISO’s activities are done as a result of a business’s actual exposure – created OUTSIDE of the CISO’s office – business perception of its risk – created by its culture – and actual threat actors – which neither the business nor the CISO’s office directly controls.  Therefore any conversation or effort centered on how to do “Cybersecurity” better will, almost by definition, fail.  “Cybersecurity”, if defined as “activities centered around the CISO’s office and levers to enable the CISO’s office”, has little to no influence or control over the business risk level created by ICT (Internet Connected Technology) use  because it neither controls nor influences ANY of the primary environmental factors.

The problem is, since coordinating solutions on the non-CISO’s office problem space (exposure creation) requires dealing directly with how businesses make money, it’s a really tough nut to crack (legally, politically, financially, culturally, etc) and few are willing to do it. It’s MUCH easier to focus on the CISO’s office – even at the expense of success. And, besides, we have a whole security industry telling us that another box or service will solve the problem.  (For those not following along, what they mean by “solve the problem” is “hold the line until you slowly drown in the cascading consequences of rising complex conflict interactions online”)

Further, technically, even if we did move the conversation to “how we do business in general and how that creates exposure” – which NONE of the language around the new group even smells like it might be saying – the way we build IT and OT infrastructure is not securable to the level we desire it to be for the cost we wish to pay. Full stop.  This is not a “security” problem, this is a mathematical complexity problem that has to do with error rate and organizational competency across time and disciplines.  Moving further on “cybersecurity” without changing the surrounding technical environment – transformationally, not evolutionarily – is an abject waste of time.

Anyone telling you different is selling you something, ignorant, or has unfortunate perspective blinders on.

I wrote the following up in response to a mailing list thread on some sort of anti-OPM petition campaign. I think the original email and a subsequent follow-up from me to a bunch of replies deserve repeating here:

Part 1:

I’m calling shenanigans. Why are we picking on OPM???

We’re seeing numbers like “76% of organizations breached in past 12
months”.  Or “97% of networks have been breached” etc (the numbers are
coming from all over – and back up anecdotal evidence – so whichever
source you do or don’t believe, it’s still “a whole damn lot”).

Many of these organizations do have sucky security. Many … do not.
Many are, actually, pretty good at it.

What does this mean? It means that, in today’s world, keeping your
network clean, over time, is next to impossible.  It requires a level
of competency and diligence that few organizations have in any other
respect than their core business competencies.  It also means that
bemoaning the state of government cybersecurity over that of private
industry cybersecurity is just…talk.  *Everyone* is getting owned,
at some point or another.

Publicly flaying OPM does absolutely nothing good and it harms our
collective ability to get better in the future.

How/Why?

Because one of the major roadblocks to real improvement is the infrequency of organizations willingly
admitting – publicly or even, often, to themselves – that they’re having a
really tough time with security…..mainly because exactly this
type of villagers-with-torches response occurs when they do.

Being unable to admit difficulty/failure, they’re unable to work publicly together
or with other institutions and organizations to collectively figure out a way
forward.

Im sure OPM committed all sorts of infosec sins. Im sure they acted
with classically government idiocy in some respects.

But they would have been compromised anyway by the people who
compromised them in order to get the data that was gotten. Just like
everyone else.

If we can stop making things so damn adversarial, maybe we’ll be able
to get together and stop….losing….so badly.

Part 2 (Response to a lot of dialogue):

Thanks for all the thoughtful responses so far. FWIW, I suggest
taking my points in total, as they were meant to be:

1. L* and A* are right, you can protect “the crown jewels” if you
try hard enough. But, that’s really not enough to reduce the
environmental conflict level, so it really is only an intense holding
pattern.

2. While this is possible, everyone is making mistakes anyway – it’s
just a matter of degree of mistakes. In fact, that’s the deep nature
of the problem: It’s too hard to not screw up eventually (even
protecting crown jewels).

3. Some companies make “better” mistakes than others
(Kaspersky/LastPass’s post exploitation activities being a good
example of “better mistakes”), but it’s a matter of degree of mistake
vs a matter of “not doing some  that we
know sustainably works with a sufficiently low error rate”

4. Although the government (or any organization with important data)
should, from a “fairness” perspective, be held to a higher level of
accountability, from a practical standpoint, that’s actually not
*helpful* at this stage – which was the central point of my original
post.  This is because:

5. …even if we hold everyone who needs to be held accountable to
make the “best mistakes” possible, it doesn’t get us where we need to
be ***and*** has the side affect of creating an environment which is
hostile to admission of failure.

6. Without candid admission that “we need a whole new re-think of this
problem space”, we’re going to keep doing the insane – more of the
same and expecting different results. Further investing in infosec as
we know it, or limiting protection to crown jewels, simply delays the
inevitable.

7. The “inevitable” without change is a level of constant hostility
and conflict that will escalate until even protecting the crown jewels
will not be sufficient for people to be able to do business
economically online (or until the profitability/value curve for the
adversaries flattens).

8. So instead of beating up OPM, we should be taking a long hard look
at the very long list of crappy companies and excellent companies who
have been breached and ask ourselves “What’s missing”

9. Because, right now, a list of “InfoSec Best Practices” is a list of
activities that aren’t sustainably working.

I got to give about…half…of this presentation this week near Seattle. Obviously it’s missing a lot without the verbal presentation, but I think it’s a good one and maybe folks can get value out of the deck.

Oh wow…talk about a throwback. I just discovered this video of me at the first ReCon in 2005 talking about IDS and Security Data Visualization Theory and Practice. It’s all still completely valid.  Enjoy!!!

https://archive.org/details/recon-2005-visual-analysis

About Me

Jack Whitsitt

Jack Whitsitt

National Cyber Security. Risk. Multi-Dimensional Rainbows. Maker of conceptual lenses. Artist. Facilitator. Educator. Past/Future Vagabond. Drinks Unicorn Tears.

Follow me on Twitter

My Art / Misc. Photo Stream

randomportangeles - 1

randomportangeles - 2

saddoll - 1

feather - 1

oregon - 1

More Photos
Follow

Get every new post delivered to your Inbox.

Join 55 other followers