Security workers, particularly penetration experts, have a very difficult job. In context: Governments and corporations will hire those individuals in their businesses to identify physical vulnerabilities and safety loopholes. Just as serious software failure is revealed, the ultimate objective of the process is to improve overall security. For this role to be completed, security professionals will frequently think of themselves as a skilled criminal.
Nonetheless, two security company workers Coalfire may have done their jobs a little too well in November of last year. They were hired in the Dallas County Courthouse by Iowa government officials to perform penetration tests. Once they came on stage, they entered the building and intentionally shocked how easily police officers would arrive— standard security practices.
At the beginning, things went smoothly. Shipmen ran to the court and understood the situation quickly. They reportedly checked the Contract Papers of the Coalfire employees and said they were “good to go” with the help of the local sheriff.
The workers were arrested and charged with felony failure, alleging that the original client of Coalfire (the Administration of Iowa State Court) did not legally allow penetration testing at the courthouse in Dallas County.
Luckily, the Dallas County Attorney agreed that the lawsuit should be dismissed and the two Coalfire workers involved in the fiasco, Gary DeMercurio and Justin Wynn, would essentially get the slate cleaner.
Tom McAndrew said in a statement, “We are pleased that in Iowa, all charges are dropped. “A new conversation starts with constructive lessons learned and aims to improve best practices and to increase the cooperation between security staff and law enforcement.”
It is a tragedy that this has occurred in the first place — decent security personnel should not only be prosecuted for their jobs — but we are relieved to see that the matter has now been resolved.