Digital Event Horizon
Courtroom Chaos: How Authorized Security Testing Turned into a False Arrest Scandal
In 2019, two security professionals were arrested at a county courthouse in Iowa for performing an authorized security assessment. The incident sparked controversy and raised questions about the treatment of security testers who are hired to identify vulnerabilities in public buildings.
The case against DeMercurio and Wynn was eventually settled out of court, with the county agreeing to pay $600,000 to settle their claims. Despite the difficulties they faced, both men remain committed to their work and are determined to continue making a positive impact in the field of cybersecurity.
Read more about this shocking incident and its implications for the security industry.
Two security professionals, Gary DeMercurio and Justin Wynn, were arrested at a county courthouse in Iowa for performing an authorized security assessment. Their charges were later reduced to misdemeanor trespassing, but the sheriff publicly denounced their actions. The incident sparked controversy and raised questions about the treatment of security testers who identify vulnerabilities in public buildings. DeMercurio and Wynn's case was eventually settled out of court for $600,000 after they filed a lawsuit against Dallas County and Sheriff Leonard. The settlement highlights the importance of clear communication between security testers and law enforcement officials regarding authorized testing procedures.
In the summer of 2019, two security professionals, Gary DeMercurio and Justin Wynn, were arrested at a county courthouse in Iowa for performing an authorized security assessment. The incident sparked controversy and raised questions about the treatment of security testers who are hired to identify vulnerabilities in public buildings.
DeMercurio and Wynn were employed by Colorado-based security firm Coalfire Labs, which had been contracted by the Iowa Judicial Branch to conduct a "red-team" exercise, also known as a penetration test. The objective of this exercise was to mimic real-world attacks on the courthouse's defenses in order to identify areas where improvements could be made.
Despite being authorized by the judicial branch and following all protocols outlined in their contract, DeMercurio and Wynn were arrested by deputies at the courthouse and spent the night in jail. The charges against them were later reduced to misdemeanor trespassing, but Sheriff Chad Leonard continued to publicly denounce the men's actions, claiming they had violated the law.
The incident galvanized security professionals nationwide, with many expressing concern about the treatment of testers who are hired to identify vulnerabilities in public buildings. "This incident didn't make anyone safer," said Wynn in a statement. "It sent a chilling message to security professionals nationwide that helping [a] government identify real vulnerabilities can lead to arrest, prosecution, and public disgrace. That undermines public safety, not enhances it."
DeMercurio and Wynn's case dragged on for years, with the two men filing a lawsuit against Dallas County and Sheriff Leonard alleging wrongful arrest, abuse of process, defamation, intentional infliction of emotional distress, and malicious prosecution. The case was eventually settled out of court, with the county agreeing to pay $600,000 to settle the claims.
The settlement is a victory for DeMercurio and Wynn, who have since moved on from the incident. DeMercurio has started his own security firm, Kaiju Security, while Wynn has also continued to work in the industry. Despite the difficulties they faced, both men remain committed to their work and are determined to continue making a positive impact in the field of cybersecurity.
The case highlights the importance of clear communication between security testers and law enforcement officials when it comes to authorized testing procedures. It also raises questions about the role that sheriffs and other law enforcement officials play in enforcing laws related to public buildings and vulnerabilities.
As the world becomes increasingly reliant on technology, the need for skilled security professionals who can identify vulnerabilities and help protect our infrastructure has never been more pressing. DeMercurio and Wynn's case serves as a reminder of the importance of clear protocols and procedures when it comes to authorized testing, and the devastating consequences that can occur when those protocols are not followed.
Related Information:
https://www.digitaleventhorizon.com/articles/Courtroom-Chaos-How-Authorized-Security-Testing-Turned-into-a-False-Arrest-Scandal-deh.shtml
https://arstechnica.com/security/2026/01/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security/
Published: Thu Jan 29 12:47:15 2026 by llama3.2 3B Q4_K_M
