Author
Daimon Geopfert
Daimon Geopfert is a Principal with the risk advisory services group at RSM. He specializes in penetration testing, vulnerability and risk management, security monitoring, incident response, digital forensics and investigations, and compliance frameworks within heavily regulated industries. Daimon has over 17 years of experience in a wide array of information security disciplines. He serves as the firm’s national leader for the security and privacy practice, responsible for the development of the firm’s overall strategy related to security and privacy services and applicable methodologies, tool kits and engagement documentation.
Daimon is a regular presenter for organizations such as Information Systems Audit and Control Association (ISACA), InfraGard, the Certified Fraud Examiners and SC Magazine’s World Congress. He has been quoted in a variety of publications, including The Wall Street Journal, Fortune Magazine, The Washington Post and the Kansas City Business Journal.
Representative Experience
• Information systems security assessment
Daimon has served as the manager and lead technician for security assessments performed on some of the largest corporations and government entities in the world. He has designed and implemented testing frameworks and methodologies used to properly capture and communicate the technical, operational and regulatory impact of identified security weaknesses.
Daimon’s experience in this area includes analyses and reviews of the following:
• Security testing across the enterprise: network, host, application and database
• Wireless, Voice over Internet protocol (VoIP), cellular, modem/telco assessment
• Security operations structure and effectiveness
• Social engineering testing, including phishing/pharming, phone and physical
• Corporate security policies and procedures
• Application secure architecture and coding analysis
• Incident response, forensics and security monitoring
Daimon acts as the lead developer for RSM’s forensic and monitoring service offerings, and has designed and deployed incident response and security monitoring programs within several highly regulated clients. These frameworks are based on customized versions of National Institute of Standards and Technology (NIST) SP800-81, ISO 18044:2004 and the SANS IR 6 Step. Daimon previously served as a special agent with the Air Force Office of Special Investigations – Computer Crimes Investigations, as a researcher with the CIA’s Directorate of Science and Technology, and deployed and ran Security Operations Centers for the Department of Defense (DoD).
• Security program management
Daimon has managed and performed a myriad of security program engagements across a variety of industries. The purpose of these projects was to assist organizations in deploying efficient, manageable and cost-effective solutions and processes that would address the wide ranging business and regulatory aspects of IT security. Daimon has deep experience in Payment Card Industry (PCI), HIPAA/Health Information Technology for Economic and Clinical Health (HITECH), FFIEC/Federal Deposit Insurance Corporation (FDIC), Federal Information Security Management Act (FISMA), NIST SP800 series, ISO 2700X, National Information Assurance Certification and Accreditation Process (NIACAP)/DoD Information Assurance Certification and Accreditation Process (DIACAP), American Electric Reliability Corporation(NERC)/Critical Infrastructure Protection (CIP), EU Data Privacy Directive, and various state security and privacy laws.
Professional Affiliations
• Information Systems and Controls Association (ISACA)
• International Information Systems Security Certification Consortium (ISC)2
• FBI InfraGard, Michigan Chapter—Member, Presenter, Speaker Committee
• The SANS (SysAdmin, Audit, Networking, and Security) Institute
• The Ethical Hacker Network
Professional Certifications
• Certified Information Systems Security Professional (CISSP)—(ISC)2
• Certified Information Security Manager (CISM)—ISACA
• Certified Information Systems Auditor (CISA)—ISACA
• GIAC Certified Incident Handler (GCIH)—The SANS Institute
• GIAC Certified Reverse Engineer of Malware (GREM)—The SANS Institute
• Certified Ethical Hacker (CEH)— EC-Council
Education
• University of Michigan, Ann Arbor, Michigan, Master of Science in Computer Science
• United States Air Force Academy, Colorado Spring, Colorado, Bachelor of Science in Computer Science
• Numerous technical and industry courses and seminars
Daimon’s position requires him to annually participate in continuing professional education for an average of 40 hours or more.