7 Pressing Cybersecurity Questions Boards Need to Ask (2022)

Boards have a unique role in helping their organizations manage cybersecurity threats. They do not have day to day management responsibility, but they do have oversight and fiduciary responsibility. Don’t leave any questions about critical vulnerabilities for tomorrow. Asking the smart questions at your next board meeting might just prevent a breach from becoming a total disaster.

In this article we offer 7 questions to ask to make sure your board understands how cybersecurity is being managed by your organization. Simply asking these questions will also raise awareness of the importance of cybersecurity, and the need to prioritize action.

For every new technology that cybersecurity professionals invent, it’s only a matter of time until malicious actors find a way around it. We need new leadership approaches as we move into the next phase of securing our organizations. For Boards of Directors (BODs), this requires developing new ways to carry out their fiduciary responsibility to shareholders, and oversight responsibility for managing business risk. Directors can no longer abdicate oversight of cybersecurity or simply delegate it to operating managers. They must be knowledgeable leaders who prioritize cybersecurity and personally demonstrate their commitment. Many directors know this, but still seek answers on how to proceed.

We conducted a survey to better understand how boards deal with cybersecurity. We asked directors how often cybersecurity was discussed by the board and found that only 68% of respondents said regularly or constantly. Unfortunately, 9% said it wasn’t something their board discussed.

When it comes to understanding the board’s role, there were several options. While 50% of respondents said there had been discussion of the board’s role, there was no consensus about what that role should be. Providing guidance to operating managers or C-level leaders was seen as the board’s role by 41% of respondents, participating in a tabletop exercise (TTX) was mentioned by 14% of the respondents, and general awareness or “standing by to respond should the board be needed” was mentioned by 23% of Directors. But 23% of respondents also said there was no board plan or strategy in place.

Building on our findings, we developed the following recommendations for what Boards of Directors need to know, actionable steps directors can take, and smart questions you should ask at your next meeting.

Five things directors need to know about cybersecurity.

1. Cybersecurity is about more than protecting data.

Back in the “old days,” protecting organizations from cyber incidents was primarily seen as protecting data. Company execs worried about personal information being leaked, customer lists being stolen, and credit cards being used fraudulently. These are still issues, but cybersecurity is about more than just protecting data. As we have digitized our processes and our operations, connected our industrial complexes to control systems that enable remote management of large equipment, and linked our supply chains with automatic ordering and fulfillment processes, cybersecurity has taken on a much larger position in our threat landscape. Poor oversight can mean more than paying fines because data was not protected appropriately. Directors need a real picture of the cyber-physical and cyber-digital threats their organizations face.

(Video) 7 Questions, 7 Mistakes, and a CISO Checklist - BSW #253

2. The BODs must be knowledgeable participants in cybersecurity oversight.

It’s the BOD’s role to make sure the organization has a plan and is as prepared as it can be. It’s not the board’s responsibility to write the plan. There are many frameworks available to help an organization with their cybersecurity strategy. We like the NIST Cybersecurity Framework, which is a framework developed by the U.S. National Institute of Standards and Technology (NIST). It is simple and gives executives and directors a good structure for thinking through the important aspects of cybersecurity. But it also has many levels of detail that cyber professionals can use to install controls, processes, and procedures. Effective implementation of NIST can prepare an organization for a cyberattack, and mitigate the negative after-effects when an attack occurs.

The NIST framework has 5 areas: identify, protect, detect, respond, and recover. Organizations who are well-prepared for a cyber incident have documented plans for each of these areas of the NIST framework, have shared those plans with leaders, and practiced the actions to be taken to build muscle memory for use in a breach situation.

3. Boards must focus on risk, reputation, and business continuity.

When cyber professionals develop policies and practices, the fundamental triad of goals is to ensure confidentiality, integrity, and availability of both systems and data (the “CIA” of cybersecurity). That’s necessary, but the discussion would be very different than one about the goals of risk, reputation, and business continuity, which are the key concerns of the BOD.

While the board tends to strategize about ways to manage business risks, cybersecurity professionals concentrate their efforts at the technical, organizational, and operational levels. The languages used to manage the business and manage cybersecurity are different, and this might obscure both the understanding of the real risk and the best approach to address the risk. Perhaps because cybersecurity is a rather complex, technical field, the board might not be fully aware of cyber-risks and the necessary protective measures that need to be taken. But there are actionable approaches to address this.

Directors do not need to become cyber experts (although having one on the board is a good idea). By focusing on common goals: keeping the organization safe and operational continuity, the gap between the BOD role and the cybersecurity professionals’ role can be narrowed. Establishing clear, consistent communication to share useful and objective metrics for information, systems controls, and human behaviors is the first step. Comparisons to existing best practices and methodologies for cybersecurity risk management is another activity to identify areas of need and areas of strength in the organization. Directors asking smart questions of their cybersecurity executives is yet a third action to close the gap.

4. The prevailing approach to cybersecurity is defense-in-depth.

A series of layered protective measures can safeguard valuable information and sensitive data because a failure in one of the defensive mechanisms can be backed up by another, potentially impeding the attack and addressing different attack vectors. This multi-layered approach is commonly referred to as the “castle approach” because it mirrors the layered defenses of a medieval castle to avoid external attacks.

Layers of defense often include technology, controls, policy, and organization mechanisms. For example, firewalls (and many companies have multiple firewalls), identity and access management tools, encryption, penetration testing, and many others are all technological defenses that provide barriers to, or detection of, breaches. Artificial intelligence technologies promise to strengthen these barriers as new and persistent threats arise. But technology alone cannot keep us safe enough. Security Operations Centers (SOCs) provide oversight and human involvement to notice things the technologies miss, as was the case in the SolarWinds breach, where an astute associate noticed something unusual and investigated. But even SOCs can’t keep the organization 100% safe.

(Video) Cybersecurity and Risk Management at VA: Addressing Ongoing Challenges and Moving Forward

Policies and procedures are necessary to meet control requirements and those are set up by management. And, frankly, in today’s world, we need every single person in our organizations to provide some level of defense. At a minimum, everyone must be aware of scams and social engineering attempts to avoid falling victim. By the way, that includes directors, who are also targets and must know enough to not be caught by fallacious emails or notices.

5. Cybersecurity is an organizational problem, not just a technical problem.

Many cybersecurity problems occur because of human error. A study from Stanford University revealed that 88% of data breach incidents were caused by employee mistakes. Aligning all employees, not just the cybersecurity team, around practices and processes to keep the organization safe is not a technical problem — it’s an organizational one. Cybersecurity requires awareness and action from all members of the organization to recognize anomalies, alert leaders, and ultimately to mitigate risks.

Our research at MIT suggests this is best done by creating a cybersecurity culture. We define a “cybersecurity culture” as an environment infused with the attitudes, beliefs and values which motivate cybersecurity behaviors. Employees not only follow their job descriptions but also consistently act to protect the organization’s assets. This does not mean that every employee becomes a cybersecurity expert; it means that each employee is held accountable for overseeing and behaving as if he or she was a “security champion.” This adds a human layer of protection to avoid, detect, and report any behavior that can be exploited by a malicious actor.

Leaders set the tone for prioritizing this kind of culture, but they also reinforce and personify the values and beliefs for action. The BOD has a role in this, too. Simply by asking questions about cybersecurity, directors imply that it is an important topic for them, and that sends the message that it needs to be a priority for corporate executives.

The questions your board needs to hear.

Here is a list of seven questions to ask to make sure your board understands how cybersecurity is being managed by your organization. Simply asking these questions will also raise awareness of the importance of cybersecurity, and the need to prioritize action.

1. What are our most important assets and how are we protecting them?

We know we cannot be 100% secure. Difficult decisions must be made. The BOD must make sure the organization’s most important assets are secure at the highest reasonable level. Is that your customer data, your systems and operational processes, or your company IP? Asking what is being protected and what needs to be protected is an important first step. If there is no agreement on what to protect, the rest of the cybersecurity strategy is moot.

2. What are the layers of protection we have put in place?

Protection is done with multiple layers of defense, procedures and policies, and other risk management approaches. Boards don’t need to make the decision on how to implement each of these layers, but the BOD does need to know what layers of protection are in place, and how well each layer is protecting the organization.

(Video) Dealing with your most pressing cybersecurity threats

3. How do we know if we’ve been breached? How do we detect a breach?

The BOD would be ignoring an important part of their fiduciary responsibility if it does not ensure that the organization has both protection and detection capabilities. Since many breaches are not detected immediately after they occur, the BOD must make sure it knows how a breach is detected and agree with the risk level resulting from this approach.

4. What are our response plans in the event of an incident?

If a ransom is sought, what is our policy about paying it? Although the board is not likely to be part of the detailed response plan itself, the BOD does want to be sure that there is a plan. Which executives and leaders are part of the response plan? What is their role? What are the communications plans (after all, if systems are breached or unreliable, how will we communicate?). Who alerts authorities? Which authorities are alerted? Who talks to the press? Our customers? Our suppliers? Having a plan is critical to responding appropriately. It’s highly unlikely the plan will be executed exactly as designed, but you don’t want to wait until a breach happens to start planning how to respond.

5. What is the board’s role in the event of an incident?

It would be helpful for the BOD to know what their role will be and to practice it. Is the board’s role to decide on paying a ransom or not, to talk to the largest customers, to be available for emergency meetings with organization execs to make just-in-time decisions? An earlier article of ours discussed the importance of practicing responses. Using fire drills and tabletop exercises to build muscle memory sounds like a luxury, but should your company have an incident, you want to be sure that response muscle is ready to work.

6. What are our business recovery plans in the event of a cyber incident?

Many execs we have interviewed have not tested their business recovery plans. There can be significant differences in the recovery from a business disruption due to a cyber incident. Data recovery might be different if all records are destroyed or corrupted by a malicious actor who encrypts files or manipulates them. BODs want to know who “owns” business recovery, whether there is a plan for how to make it happen, and if it has been tested with a cyber incident in mind?

7. Is our cybersecurity investment enough?

You can’t invest enough to be 100% secure. But since a budget must be set, it is crucial that companies guarantee they have an excellent security team with the appropriate expertise to tackle technical problems and understand vulnerabilities inside the core critical functions of the business. By doing that, the company will be better prepared to allocate investment where it is most needed. Companies should evaluate their level of protection and their risk tolerance before they engage in new investments. Two ways to do this are through simulations of cyber-attacks and from penetration/vulnerability tests. These actions expose vulnerabilities, enable actions to minimize potential damage based on priority, risk exposure and budget, and ultimately ensure appropriate investment of time, money, and resources.

Boards have a unique role in helping their organizations manage cybersecurity threats. They do not have day to day management responsibility, but they do have oversight and fiduciary responsibility. Don’t leave any questions about critical vulnerabilities for tomorrow. Asking the smart questions at your next board meeting might just prevent a breach from becoming a total disaster.

Acknowledgement: This research was supported, in part, by funds from the members of the Cybersecurity at MIT Sloan (CAMS) consortium.

(Video) EUROCONTROL Stakeholder Forum on cybersecurity

FAQs

What boards should know about cybersecurity? ›

Boards must focus on risk, reputation, and business continuity. When cyber professionals develop policies and practices, the fundamental triad of goals is to ensure confidentiality, integrity, and availability of both systems and data (the “CIA” of cybersecurity).

What questions we can ask about cyber security? ›

Cybersecurity questions about your information security program or the threats you face
  • Why do I need to worry about information security? ...
  • What are the biggest cybersecurity threats right now? ...
  • What are our compliance obligations regarding sensitive data?

What are the 7 types of cyber security threats list them clearly with their definitions? ›

7 Types of Cyber Security Threats
  • Malware. Malware is malicious software such as spyware, ransomware, viruses and worms. ...
  • Emotet. ...
  • Denial of Service. ...
  • Man in the Middle. ...
  • Phishing. ...
  • SQL Injection. ...
  • Password Attacks. ...
  • The Internet of Things.

What are the 6 tips of cyber security awareness? ›

The Top 10 Personal Cyber Security Tips
  • Keep Your Software Up to Date. ...
  • Use Anti-Virus Protection & Firewall. ...
  • Use Strong Passwords & Use a Password Management Tool. ...
  • Use Two-Factor or Multi-Factor Authentication. ...
  • Learn about Phishing Scams – be very suspicious of emails, phone calls, and flyers.

What are the biggest cybersecurity threats right now? ›

Cybersecurity Threats and Trends for 2022. Phishing Gets More Sophisticated — Phishing attacks, in which carefully targeted digital messages are transmitted to fool people into clicking on a link that can then install malware or expose sensitive data, are becoming more sophisticated.

What is the role of the board in cyber security? ›

In its role of oversight, the Board not only looks at the company's financial systems and controls but is also duty- bound to oversee its overall cybersecurity management, including appropriate risk mitigation strategies, systems, processes, and controls.

Which cybersecurity key questions and aspects must be considered? ›

7+ Key Cybersecurity Questions Your Board Should Ask
  • Do we have the information we need to oversee cyber risks? ...
  • How effective is our cybersecurity strategy at addressing business risks? ...
  • Do we have cyber insurance? ...
  • Do we have the right data governance strategy to minimize cyber risk?
Jun 1, 2020

What is a great discovery question you would ask your customer to understand their security requirements? ›

Top 10 security questions to ask your prospects

What, if any, security processes do you have integrated with your current business processes? What do you perceive as your major security risks? Have you identified how unauthorized disclosure of your data may occur?

Why did you choose cyber security Interview Questions? ›

Cybersecurity Interview Questions to Prepare for in 2022
  • What do you find interesting about cybersecurity? ...
  • Why did you choose cybersecurity to build your career? ...
  • Which qualities of yours make you a good candidate for a role in cybersecurity? ...
  • Do you think continuous learning is important in a cybersecurity career?
Feb 9, 2022

What are the 4 main types of vulnerability in cyber security? ›

Security Vulnerability Types
  • Network Vulnerabilities. These are issues with a network's hardware or software that expose it to possible intrusion by an outside party. ...
  • Operating System Vulnerabilities. ...
  • Human Vulnerabilities. ...
  • Process Vulnerabilities.

What are the 6 common types of threats? ›

The six types of security threat
  • Cybercrime. Cybercriminals' principal goal is to monetise their attacks. ...
  • Hacktivism. Hacktivists crave publicity. ...
  • Insiders. ...
  • Physical threats. ...
  • Terrorists. ...
  • Espionage.
Mar 25, 2015

What are the top 10 security threats? ›

Top 10 Threats to Information Security
  • Technology with Weak Security. New technology is being released every day. ...
  • Social Media Attacks. ...
  • Mobile Malware. ...
  • Third-party Entry. ...
  • Neglecting Proper Configuration. ...
  • Outdated Security Software. ...
  • Social Engineering. ...
  • Lack of Encryption.

What are 10 good cybersecurity practices? ›

Top Cybersecurity Tips in 2022
  • Keep software up-to-date. ...
  • Avoid opening suspicious emails. ...
  • Keep hardware up-to-date. ...
  • Use a secure file-sharing solution. ...
  • Use anti-virus and anti-malware. ...
  • Use a VPN to privatize your connections. ...
  • Check links before you click. ...
  • Don't be lazy with your passwords!

What are the 10 recommended tips for cyber security? ›

"Top 10" List of Secure Computing Tips
  • Tip #1 - You are a target to hackers. ...
  • Tip #2 - Keep software up-to-date. ...
  • Tip #3 - Avoid Phishing scams - beware of suspicious emails and phone calls. ...
  • Tip #4 - Practice good password management. ...
  • Tip #5 - Be careful what you click. ...
  • Tip #6 - Never leave devices unattended.

What is basic cyber security measures? ›

Cybersecurity measures include preventing, detecting, and responding to cyberattacks. Any information stored on an Internet-connected device, computer system, or network can be hacked. With the proper measures in place, this can be prevented.

What is the #1 cybersecurity threat today? ›

1) Phishing Attacks

The biggest, most damaging and most widespread threat facing small businesses are phishing attacks. Phishing accounts for 90% of all breaches that organizations face, they've grown 65% over the last year, and they account for over $12 billion in business losses.

What are the 5 threats to cyber security? ›

Here are the current top five cyber threats that you should be aware of.
  • Ransomware. ...
  • Phishing. ...
  • Data leakage. ...
  • Hacking. ...
  • Insider threat. ...
  • businessadviceservice.com. ...
  • businessadviceservice.com.

What are the most common cyber attacks 2022? ›

According to the Sophos 2022 Threat Report, three of the biggest threats businesses can expect to see this year are ransomware, malware on mobile devices and attacks on internet infrastructure.

Where is cyber security used? ›

Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.

What is cyber insurance? ›

A cyber insurance policy helps an organization pay for any financial losses they may incur in the event of a cyberattack or data breach. It also helps them cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and refunds to customers.

Is and cyber security? ›

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

What should I ask for in discovery? ›

Here are some of the things lawyers often ask for in discovery: anything a witness or party saw, heard, or did in connection with the dispute. anything anyone said at a particular time and place (for example, in a business meeting related to the dispute or after a car accident that turned into a lawsuit)

What key questions would you ask during a process discovery exercise? ›

9 of our favorite discovery questions and why to use them
  • What problem are you trying to solve? ...
  • Tell me about your current process. ...
  • What do you do day-to-day? ...
  • What are your top priorities? (price, value, etc.) ...
  • Who's involved in the decision-making process? ...
  • Do you have a timeline for getting a new tool/ service?

What is an open discovery question? ›

Discovery questions are the questions you ask to understand whether or not a prospect is a good fit for your product (and vice versa). They're normally open-ended questions about the challenges, obstacles, and current processes in a business that relate to what you're selling.

How do you introduce yourself in a cybersecurity interview? ›

Tell Me About Yourself - Cybersecurity Job Interview Answer - YouTube

What is risk in cyber security? ›

Cybersecurity risks relate to the loss of confidentiality, integrity, or availability of information, data, or information (or control) systems and reflect the potential adverse impacts to organizational operations (i.e., mission, functions, image, or reputation) and assets, individuals, other organizations, and the ...

What should I wear to a cyber security interview? ›

A suit, jacket and tie, or just a jacket works best for men, and women should wear business attire as well, such as a dress, skirt or pantsuit. Make sure that your clothes fit well, and fit correctly. A jacket or suit that is too large often makes people look very young or childlike.

What are the three security goals? ›

These three letters stand for confidentiality, integrity, and availability, otherwise known as the CIA triad. Together, these three principles form the cornerstone of any organization's security infrastructure; in fact, they (should) function as goals and objectives for every security program.

What does CVE stand for? ›

CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that's been assigned a CVE ID number. Security advisories issued by vendors and researchers almost always mention at least one CVE ID.

What are the three foundational principles of the cybersecurity domain? ›

The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability.

What are the three 3 threats to information security? ›

Information Security threats can be many like Software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion.

What are the three 3 types of cyber threats? ›

Types of cyber threats your institution should be aware of include: Malware. Ransomware. Distributed denial of service (DDoS) attacks.

What are the four types of cyber attacks? ›

Types of Attacks
  • Common Types of Cybersecurity Attacks.
  • Phishing Attacks: A Deep Dive with Prevention Tips.
  • SQL Injection Attacks (SQLi)
  • Cross-Site Scripting (XSS) Explained and Preventing XSS Attacks.
  • Man-in-the-Middle (MITM) Attacks.
  • Malware Attacks: Examined and Best Practices.
  • Denial-of-Service Attacks.

What are the top 10 cyber attacks? ›

A throwback on some of the most high profile cyberattacks of 2021, how they were remediated, and what could have been done to prevent them.
  • Quanta Ransomware Attack, April.
  • Brenntag Ransomware Attack, April.
  • Colonial Pipeline Ransomware Attack, May.
  • JBS Foods Ransomware Attack, May.
  • Kaseya VSA Ransomware Attack, July.

What are the biggest cybersecurity threats right now 2021? ›

Phishing emails, RDP exploitation, and exploitation of software vulnerabilities remained the top three initial infection vectors for ransomware incidents in 2021. Once a ransomware threat actor has gained code execution on a device or network access, they can deploy ransomware.

What will cybersecurity look like 10 years from now? ›

In the next ten years, we will see more biometrics and use additional authentication methods with the mobile devices we already have in our pockets. The role of artificial intelligence in future cybersecurity cannot be underestimated. Experts believe that AI will be a catalyst and help us deal with threats in new ways.

What are the 11 rules of cyber hygiene? ›

Key steps for good cyber hygiene
  • Step 1: Install reputable antivirus and malware software. ...
  • Step 2: Use network firewalls. ...
  • Step 3: Update software regularly. ...
  • Step 4: Set strong passwords. ...
  • Step 5: Use multi-factor authentication. ...
  • Step 6: Employ device encryption. ...
  • Step 7: Back up regularly. ...
  • Step 8: Keep your hard drive clean.

How we can improve cyber security? ›

Here are five suggestions.
  1. Enforce password rules. Strong passwords are one of the first lines of defense against breaches and changing them occasionally may help keep hackers out. ...
  2. Update regularly. ...
  3. Implement VPNs for all connections. ...
  4. Retire all unused services. ...
  5. Leverage existing security options.

How can you make yourself cyber safe in 100 words? ›

8 Habits to Stay Cyber-Safe
  1. Think twice before clicking on links or opening attachments. ...
  2. Verify requests for private information. ...
  3. Protect your passwords. ...
  4. Protect your stuff! ...
  5. Keep your devices, browsers, and apps up to date. ...
  6. Back up critical files. ...
  7. Delete sensitive information when it's no longer needed.

Why is cyber security so hard? ›

Some factors that make cyber security hard to learn are: Large numbers of tools. Since there are so many potential attacks, a cyber security professional must be familiar with various complex cybersecurity tools, technical skills, and software.

What are the threats in cyber world? ›

But what exactly are these cyber threats? A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber-attacks include threats like computer viruses, data breaches, and Denial of Service (DoS) attacks.

What do I need to know for a cyber security interview? ›

Top 10 Frequently Asked Cyber Security Interview Questions
  • Define Cybersecurity?
  • What is the difference between IDS and IPS?
  • What is a Botnet?
  • What is the difference between stored and reflected XSS?
  • What are HTTP response codes?
  • List the common types of cybersecurity attacks.
  • What is a cybersecurity risk assessment?

What do you know about cyber security? ›

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

How do I find a cyber security mentor? ›

Attend events held by association chapters in your community. Experienced and knowledgeable security professionals often are at conferences, workshops, meetups and other industry events. It is often said that the mentor-mentee relationship grows naturally. Good mentors find their mentees.

Why did you choose cyber security Interview Questions? ›

Cybersecurity Interview Questions to Prepare for in 2022
  • What do you find interesting about cybersecurity? ...
  • Why did you choose cybersecurity to build your career? ...
  • Which qualities of yours make you a good candidate for a role in cybersecurity? ...
  • Do you think continuous learning is important in a cybersecurity career?
Feb 9, 2022

Videos

1. Right To Ask | Cybersecurity Seminars
(Monash Information Technology)
2. Closing the Cyber Skills Gap - Panel Discussion Video
(Cybersecurity Insights)
3. How Do We Teach Cybersecurity?
(Software Engineering Institute | Carnegie Mellon University)
4. WEIRD THINGS CAUGHT ON SECURITY & CCTV CAMERAS!
(CubeHub01)
5. Digital Rights and Inclusion Forum - #DRIF21 - Day 7
(ParadigmHQ)
6. Supreme Court nominee Ketanji Brown Jackson answers questions in Senate hearing — 3/22/22
(CNBC Television)

Top Articles

Latest Posts

Article information

Author: Kerri Lueilwitz

Last Updated: 12/28/2022

Views: 5399

Rating: 4.7 / 5 (47 voted)

Reviews: 86% of readers found this page helpful

Author information

Name: Kerri Lueilwitz

Birthday: 1992-10-31

Address: Suite 878 3699 Chantelle Roads, Colebury, NC 68599

Phone: +6111989609516

Job: Chief Farming Manager

Hobby: Mycology, Stone skipping, Dowsing, Whittling, Taxidermy, Sand art, Roller skating

Introduction: My name is Kerri Lueilwitz, I am a courageous, gentle, quaint, thankful, outstanding, brave, vast person who loves writing and wants to share my knowledge and understanding with you.