Cybersecurity for Small Businesses conference planned at Penn State Hazleton

HAZLETON, Pa. — Penn State Hazleton will host a cybersecurity entrepreneurship conference on Wednesday, Nov. 13, as part of Global Entrepreneurship Week at Penn State.

The Cybersecurity for Small Businesses conference will take place in the Slusser/Bayzick Building and is open to students, faculty and the public. The program was designed to help small businesses learn about the dangers and impact of potential cyberattacks. Research has found that 543,000 new small businesses are founded each month, with 44 to 50 percent of small businesses experiencing cyberattacks. Further, recovery costs from a cyberattack for a small business can average more than $40,000, and 60 percent of small businesses that experience a cyberattack go out of business within six months.

During the conference, attendees will learn how cybersecurity affects entrepreneurship, why small businesses are easy victims of cyberattacks, the impact of small business cyberattacks, and common security risks to small businesses. They will also hear about resources to assist small businesses with preemptive techniques to help resist cyberattacks.

The event begins at 8:45 a.m. with registration and breakfast snacks, and concludes at 12:45 p.m. after lunch. Pre-registration is required. Register online at or contact the Penn State Hazleton Department of Continuing Education at 570-450-3110 or [email protected].

Keynote speaker Marc Gonzalez will present on the topic of “Understanding the Insider Threat.” Gonzalez is a “threat hunter” and cybersecurity adviser with more than 26 years of experience. He co-founded and co-owns Site2, a data management company serving regulated industries for the past 14 years. As the company’s information security officer, he leads a team of security engineers and “white-hat” hackers that perform security audits, security awareness training, vulnerability assessments and penetration tests. Gonzalez holds a master of business administration degree in finance from the University of Scranton and a bachelor of science degree in computer information systems from the University of Scranton. He is a certified information systems security professional through ISC2, a certified information systems auditor through Information Systems Audit and Control Association and a certified business continuity planner through Disaster Recovery Institute International.

Additional speakers include:

Brendan Smoke on the topic of “PCI DSS — What is it? And Why Should You Care?” Smoke, chief executive officer of Backbone Security, has 17 years of experience in cybersecurity. He works in Backbone Security’s PCI and Security Assessment division, working on Payment Card Industry services, penetration testing, social engineering and other security assessment activities. Smoke holds a bachelor of science degree in computer science and computer security. While working toward his degree, he contributed his skills toward the Cyber Crime and Forensics Institute at East Stroudsburg University, addressing issues related to computer forensics that are vital to law enforcement at all levels of government.

Jeremy Roehrich on the topic of “Social Engineering — Why Human Weakness May Be the Biggest Threat to Your Small Business.” Roehrich, chief operating officer of Backbone Security, has more than 15 years of experience in cybersecurity and other fields of information technology. He has a key role in Backbone’s penetration testing engagements and vulnerability assessment work. Roehrich holds a bachelor of science degree in computer security and has experience as an entrepreneur, having started a database programming and web development business. His work exposed him to varied technologies and helped him understand the security needs of businesses, ranging from small entities to large international corporations.

Samantha Prince on the topic of “Legal Aspects of Cybersecurity for Small Businesses.” Prince is an assistant professor at Penn State Dickinson Law, Carlisle. She teaches problem solving, business and experiential entrepreneurship law courses. For more than 20 years, she partnered with entrepreneurs during their startup phases and beyond, handling business transactions, including tax, contracts (domestic and international), mergers/acquisitions and securities offerings (private and public). Prince also represented a company through its IPO and afterward as the primary drafter of its securities disclosure documents. At Dickinson Law, she founded and moderates the Inside Entrepreneurship Law blog, which features posts written by students that are designed to provide helpful legal information to entrepreneurs and offer counsel. More information on the blog is available at Additionally, she implemented mobile student-led entrepreneurial workshops on various topics. Prince earned a bachelor of science degree in chemistry from Muhlenberg College, a juris doctor degree cum laude from Widener Commonwealth and a master of laws degree in taxation from Georgetown University Law Center.

Christian Wolgemuth on the topic of “Legal Aspects of Cybersecurity for Small Businesses.” Wolgemuth is a third-year law student at Penn State Dickinson Law, Carlisle. Prior to law school, he spent five years as a cybersecurity consultant for both Accenture and Deloitte. Wolgemuth served both private sector and government agency clients all over the country, helping to design cybersecurity systems used by millions of customers worldwide. As a law student, he interned with the Pennsylvania Office of Attorney General in the Bureau of Consumer Protection working on data breach and privacy infringement litigation. After law school, he will work in the litigation group of a private law firm in Harrisburg, helping clients navigate the continuously changing world of cybersecurity and privacy law.

Conference agenda

8:45 to 9:15 a.m.
Registration, breakfast snacks and survey completion

9:15 to 9:35 a.m.
Chancellor Gary Lawler, Penn State Hazleton
Ellen Raineri, assistant teaching professor of business

9:35 to 10:05 a.m.
Session I: PCI DSS – What is it? And Why Should You Care?
Brendan Smoke, OSCP, PCI ASV, Sec+, FCNSP; Chief Executive Officer,  Backbone Security

• What is the PCI DSS?
• Who needs to be PCI Compliant?
• Why are small businesses easy targets for credit card fraud?
• Common attack vectors – e-commerce, payment terminals, traffic sniffing on   
   public wifi, ransomware
• What will it cost my business to clean up after a breach?
• What can help to keep my business and my customers’ data secure?

10:05 to 10:35 a.m.
Session II: Social Engineering – Why Human Weakness May be the Biggest Threat to Your Small Business
Jeremy Roehrich, chief operating officer,
Backbone Security

• Why are small businesses vulnerable to social engineering?
• What could be the impact to your business if exploited?
• What specific types of attacks should we look out for?
• Examples of social engineering attacks and where the victim went wrong?
• How can small businesses/entrepreneurs prepare/protect themselves?
• Is there a technical solution to defend against social engineering attacks?

10:35 to 10:45 a.m.

10:45 to 11:15 a.m.
Session III: Legal Aspects of Cybersecurity for Small Businesses
Samantha Prince, associate professor of lawyering skills and entrepreneurship, Penn State Dickinson Law
Christian Wolgemuth '20, Penn State Dickinson School of Law

• Overview of the cyber security legal landscape, specifically addressing the use of websites and data security/privacy and its importance to entrepreneurs
• GDPR requirements as well as the California law (CCPA) that mirrors the GDPR  
• COPPA - Children’s Online Privacy Protection Act
• Compliance as well as the limitations of insurance coverage for breaches in these areas
• Resources that will be helpful to small businesses and entrepreneurs
• Power of the Office of Attorney General to bring suit against businesses for violations of the Unfair Trade Practices and Consumer Protection Law (UTPCPL)  

11:15 a.m. to noon
Keynote address: Understanding the Insider Threat
Marc Gonzalez, co-founder and co-owner, Site2

• What is Cybersecurity?
    • CIA Triad
    • Confidentiality
    • Integrity
    • Availability

• Insider threats represent over 50% of breaches
    • Careless/negligent worker
    • Insider Agent
    • Malicious Insider
    • Disgruntled Employee

Noon to 12:15 p.m.
Wrap up and post-event survey completion

12:15 to 12:45 p.m.


The conference is sponsored in part by the Center for Security Research and Education at Penn State, which promotes research and education to help protect people, infrastructure and institutions from the broad range of hazards confronting society today. Additional sponsors of the event include Invent Penn State through the Penn State Hazleton LaunchBox and Penn State Hazleton Information Sciences and Technology. For more information on the event, contact Ellen Raineri, assistant teaching professor of business, at [email protected].

GEW Penn State celebrates relationships between members of the University and local entrepreneurial communities. The week features a number of daily presentations, keynote addresses, workshops and networking opportunities geared specifically to entrepreneurs, local startups and innovators. To learn more about GEW Penn State or see other events, visit