TrustedSec - A Message of Support: Coalfire Consultants Charged

If you haven’t been following recent news, two Coalfire employees, Gary DeMercurio and Justin Wynn, were performing a Physical Penetration Test against a Judicial Branch Building, the Dallas County Courthouse in the state of Iowa. The two employees were engaged by the Iowa State Judicial Branch to conduct the Physical Penetration Test, which is an authorized attempt to identify weaknesses and exposures through physical security controls to gain access to a facility. These types of tests are conducted regularly by organizations and are focused on enhancing physical security for buildings all around the globe.

During the physical break-in, the two consultants intentionally triggered the alarm to test the response time for law enforcement. They intentionally waited for law enforcement to arrive and were subsequently arrested and charged with felonies. The argument that the state of Iowa is making is that the buildings are public and that the Iowa State Judicial Branch didn’t have the authorization to give to the consultants, yet the consultants are being held legally liable. The charges have since been reduced to third-degree and possession of burglary tools to criminally trespass.

At TrustedSec, we have dedicated physical security personnel that perform the same type of work that the Coalfire employees were conducting. This is an extremely concerning development for our consultants and consultants in similar situations in other organizations. Coalfire employees appear to be caught in a political battle between the county and the state who authorized the tests.

At TrustedSec, we want to show support for the two consultants, Gary DeMercurio and Justin Wynn, and call for the charges to be immediately dropped. These types of actions call into question countless years of authorized testing on behalf of organizations and the industry’s ability to identify flaws and protect organizations within the United States. It’s clear that the state believed they had full rights to conduct these types of tests against their facilities, authorizing the consultants to perform a specific job simulating a break-in to the building. The consultants, their lives, and their families should not be used as leverage points between the state and county.

We will be drafting a letter to both the state of Iowa and Dallas County calling for the immediate charges to be dropped as a sign of support for the Coalfire employees. At a time where threats continue to rise and organizations experience breaches from not only a technology perspective, but also a physical standpoint, this type of work is paramount for improving safety and security. We’re deeply saddened that two consultants are in a mix of a battle between the state and county as their careers and livelihoods are placed in jeopardy.

It’s always important to verify scope and ensure that you have the proper authorization to conduct such activities. Breaking into the wrong building or not having proper authorization are scenarios that may have legal implications. In this case, it appears that Coalfire and its employees had every assurance from the state that they were fully authorized to conduct this work on the facility in question.

If you are interested in reading more about this case and the statement from Coalfire’s CEO Tom McAndrew, you can view it here.

The post A Message of Support: Coalfire Consultants Charged appeared first on TrustedSec.



from TrustedSec https://www.trustedsec.com/blog/a-message-of-support-coalfire-consultants-charged/

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more