I just came back from an overnight camp at Alfonso, Cavite for a completion activity for my Camping class two semesters ago.
Here are some of the lessons I learned from the camp:
Lesson #1: Knowing is half the battle.
Never sleep 2 hours before your expected time of departure. My mistake. We were scheduled to leave Quezon City by 7am. I intended to sleep for thirty minutes but woke up after 3 hours. And yes, they left me. So I rang my professor. He told me that I would have to find my way there. Then he sent me an SMS containing instructions on how to get there. After five minutes, he rang me up again telling me that he has arranged a transportation for me with a UP Mountaineers member. (Yippee!)
The trip turned out to be a really interesting one. Seeing how the traffic was along Edsa, we tried to avoid the traffic by taking the route to Pasay via Manila. It was a longer route compared to Edsa but like what Sir Omi said, at least the traffic was moving. After 2 hours, we were still at Pasay. It took almost 4 hours to compete a normally two and a half hours trip to Tagaytay.
With him being an alumnus of the University I’m currently attending, we found a common ground at once. Along the way, we chatted about college life, computers, security, music, food, internet and even coffee.
Often being around with tech-savvy people, I thought a basic knowledge in info-security is man’s second nature. I was gravely mistaken. I was the only tech-savvy amidst HK majors and most of them are digitally unaware when it comes to security. I realized the severity of the problem of the security community. I think its time that we crawl out of our holes and start to enlighten the digitally ignorant minds. I know it won’t be an easy task but we cannot point our fingers to user-ignorance forever and do nothing.
Lesson #2: Calculated risks.
Mountaineering is not just a hobby, its a lifestyle. At least that was what they said, and since they have been doing this for almost their entire lives, I’ll take their word for it. Its a lifestyle constantly dealing with risks. By the campfire’s light, they told us how it feels to be a mountaineer and its like to conquer mountains. They were the ones who opened a great number of mountains in the country, exploring them for the first time. One of the campfire stories where the story of four of their most experienced mountaineers. They were one of the founding members of the UP Mountaineers and one of the “conquerors of Mt. Giting-giting”, a very dangerous mountain. four years after they explored and opened Mt. Giting-giting four of the original members of the expedition team went back. They planed to traverse the mountain by getting up through the usual path but getting down through the mountain’s river at the other side, something that has not been done before. And that is when they lost four of their most experienced mountaineers. They assembled six teams (each teem consisting of three members) of their “most-macho” mountaineers for a search and rescue operation but it turned out to be a retrieval operation. At that time, they thought it was the end of the UPM. They thought that parents would sue them after what happened. But that didn’t happen instead they became closer to them. And after four from their ranks died in the mountain, that’s when they realized the importance of calculated risks.
Their lifestyle is indeed full of risks because there are a lot of factors that they cannot control like the forces of nature. I think the same goes with security. There are a lot of things that a security specialist cannot control, like the user, the hardware and even physical security. It is always important to calculate the risks. In mountaineering, they say that if no one was supposed to die, then don’t die. Even in the presence of all the risks, you should try your best to protect yourself. The same is true for security, if your system shouldn’t be hackable, then it shouldn’t be. There is no perfectly secure system as there is no unsolvable algorithm but we should always try our best to secure the information and that systems that we need to secure.
Lesson #3: Planning is very important.
I realized I left a lot of things when I was at the camp. I even forgot my blanket. It was really, really cold there. Luckily, my group mates were really, really helpful. In the end, it turned out to be one of the best camps I’ve ever had.
Even lectures really emphasized the importance of planning as it diminishes the risks. They say that if you want to do something, do it the right way. I think this is true for everything, even security. Even of sometimes a things do not go as planned, the more you leave things to chance the more vulnerable you are. Would you rather patch your system later than do the right thing today?