As many of you are most likely aware of by this point, two Coalfire employees are facing criminal trespassing charges in Iowa. The two employees were conducting a physical penetration test against a judicial branch building and the Dallas County courthouse. As part of their assessment, they gained access to the courthouse and intentionally tripped the alarm to test the county’s response. Once law enforcement arrived, they showed them how they did it, showed them the contract authorizing them to perform the work, and were expecting to go on their way. However, when the Sheriff arrived shortly before they were actually released, he determined that Iowa State officials did not have the authorization to allow such a test, and arrested the two employees on the spot.
As more has surfaced on this issue, Coalfire management probably could have done a better job of ensuring the State was authorized to allow this test. Additionally, the State has issued a public apology to the county, and they have taken steps to make the process smoother going forward. However, the fact that these two employees, who were merely doing their job to the best of their ability, are still facing criminal charges is wrong on so many levels. A political dispute between a local county and the state government should not look to punish individuals who are working to protect them. This could have an impact on their ability to financially provide for their families or work in the industry. Beyond that, this case could set a dangerous precedent that could impact similar cases for many years to come.
Why Triaxiom is Issuing a Letter of Support
At Triaxiom, we also perform physical penetration tests on a myriad of organizations, being authorized by organizations across the United States to identify flaws and gaps in their physical security to help them improve. Many other companies in the industry who perform this type of testing have already come forward and issued similar offers of support. Additionally, the Coalfire CEO has issued a statement supporting these employees and vowing to do everything he can to ensure they are free from all charges.
So the obvious question is why is Triaxiom just now making a statement about this after it has been unfolding over the past couple weeks and what difference does it make? Well, to put it simply, we feel that the information security community is a tight knit group and it is on all of us to support these employees, Coalfire as a company, and the community as a whole. Collectively, we have the ability to elevate this issue beyond a local political dispute and into the national conversation. Hopefully, by doing so, these charges will be dropped and the county, state, and Coalfire can work through their issues without jeopardizing the professional careers of two industry experts.