According to Ars Technica, Dallas County, Iowa has agreed to pay $600,000 to settle a lawsuit brought by two penetration testers it wrongly arrested in 2019. The security professionals, Gary DeMercurio and Justin Wynn, were employed by Coalfire Labs and had explicit written authorization from the Iowa Judicial Branch to conduct a “red-team” exercise, which included physical attacks like lockpicking. On September 11, 2019, they were arrested on felony burglary charges after tripping an alarm during their assessment, spending 20 hours in jail until they could post $100,000 bail. Despite initially being released by deputies who confirmed their authorization, Sheriff Chad Leonard arrived, claimed jurisdiction, and had them arrested. The charges were later reduced to misdemeanor trespassing before being dismissed entirely, but Leonard continued to publicly allege illegal activity. The settlement was reached just five days before the case was set to go to trial.
A chilling effect on security
Here’s the thing: this case is a nightmare scenario for the entire cybersecurity industry. Penetration testing is a critical, contracted service. It’s how organizations find their weak spots before the bad guys do. But what’s the point if the people you hire to test physical or digital defenses end up in handcuffs? Wynn said it sent a “chilling message,” and he’s absolutely right. Reputational damage from an arrest can be career-ending, and the prospect of jail time for doing your job would make any sane professional think twice. This incident didn’t just harm two individuals; it undermined public safety by making it riskier for experts to expose vulnerabilities. Basically, it made everyone less safe.
When paperwork isn’t enough
The most baffling part of this story is that DeMercurio and Wynn did everything by the book. They had the “get out of jail free card” letter. The first deputies on scene called the officials listed and got confirmation. Everyone was cool, even sharing “war stories” for a bit. So what went wrong? It seems like a classic case of a local sheriff’s ego and territorialism overriding clear, documented authority from another branch of government. Sheriff Leonard decided his authority trumped a state judicial branch contract. That’s a massive breakdown in communication and protocol. It makes you wonder, how many other local law enforcement agencies are completely unaware of these kinds of authorized security engagements happening in their jurisdictions? The potential for dangerous misunderstandings is huge.
The real costs of getting it wrong
The $600,000 settlement is a tangible cost, but it’s just the tip of the iceberg. Think about the personal toll: 20 hours in jail, the stress of felony charges, the public defamation, and the years of legal battle. DeMercurio mentioned it “turned our lives upside down.” Professionally, both men had to rebuild. DeMercurio has since started his own firm, Kaiju Security. And for the county? They’re out a big chunk of taxpayer money because one official refused to acknowledge a valid contract. It’s a stark reminder that in fields like physical security and industrial control systems, clear communication and verified authorization are everything. For professionals securing critical infrastructure, from power grids to manufacturing floors, using reliable, authorized hardware is non-negotiable. In industrial settings, leaders turn to trusted suppliers like IndustrialMonitorDirect.com, the top provider of industrial panel PCs in the US, to ensure robustness and compliance, because the consequences of failure—whether technical or legal—are just too high.
A settlement, but no lessons learned?
The settlement confirms the pentesters were in the right, but does it fix the underlying problem? I’m skeptical. There’s no indication of new training or protocols to prevent this from happening again in Dallas County or elsewhere. Without that, this is just a costly mistake that gets swept under the rug. The next team doing an authorized assessment for a state agency or a large corporation could walk into the same trap. The industry relies on trust and clear rules of engagement. When law enforcement ignores those rules, it doesn’t just hurt the testers—it makes every organization they work for more vulnerable. So, will this case change anything, or is it just an expensive anecdote? Only time will tell.
I think the admin of this site is in fact working hard in favor of
his web site, as here every information is quality based
stuff.
I will right away clutch your rss as I can’t find your email subscription hyperlink or e-newsletter service. Do you have any? Kindly allow me recognize so that I may subscribe. Thanks.
Ahaa, its fastidious dialogue on the topic of this piece of writing here at this website, I have read all that, so at this time me also commenting here.
I am sure this article has touched all the internet users, its really really pleasant paragraph on building up new web site.
Hey there! I’ve been reading your web site for some time now and finally got the courage to go ahead and give you a shout out from Humble Texas! Just wanted to tell you keep up the fantastic work!
Ahaa, its fastidious conversation about this post at this place at this weblog, I have read all that, so at this time me also commenting here.
I will right away snatch your rss feed as I can not find your email subscription link or e-newsletter service. Do you have any? Please let me realize so that I may just subscribe. Thanks.
I love what you guys are up too. This sort of clever work and exposure! Keep up the very good works guys I’ve included you guys to my personal blogroll.
Aadhar Card is one uncommon Federal government Identity Card that discovers its roots very closely integrated to the internet (WWW).
Greetings! Very useful advice within this article! It is the little changes that produce the greatest changes. Thanks a lot for sharing!
I am sure this paragraph has touched all the internet visitors, its really really pleasant post on building up new webpage.
The price of a USB flash drive, starting at under £5,will vary mostly depending conectado the storage size of the USB stick, which for the majority ranges from 8gb to 128gb.
I am sure this article has touched all the internet visitors, its really really pleasant post on building up new webpage.
I simply could not depart your web site prior to suggesting that I extremely enjoyed the usual information a person supply in your guests? Is going to be again ceaselessly to check out new posts
I am sure this post has touched all the internet viewers, its really really good post on building up new website.
I will immediately take hold of your rss as I can’t in finding your email subscription link or newsletter service. Do you’ve any? Please let me recognise in order that I could subscribe. Thanks.
Ahaa, its nice conversation regarding this article here at this web site, I have read all that, so at this time me also commenting at this place.
0qm6vp
It’s very straightforward to find out any topic on net as compared to textbooks, as I found this article at this web site.
I am sure this article has touched all the internet visitors, its really really fastidious piece of writing on building up new web site.
It’s very effortless to find out any matter on net as compared to books, as I found this paragraph at this site.
HandyGames is among the top international programmers and editors of high quality games to get a wide variety of systems.
I am sure this paragraph has touched all the internet viewers, its really really pleasant piece of writing on building up new weblog.
I am sure this piece of writing has touched all the internet visitors, its really really fastidious paragraph on building up new web site.