Two penetration testers, Gary De Mercurio and Justin Wynn, received a $600,000 settlement from Dallas County, Iowa, after being wrongfully arrested in 2019 while conducting a security evaluation at a courthouse. Despite having legal clearance for their work, they were arrested for burglary after testing the courthouse's alarm system. The situation spiraled into a lengthy legal battle that damaged their careers and personal lives. De Mercurio expressed mixed feelings about the settlement, noting it didn’t compensate for the losses they faced over the years. The case highlights significant risks for penetration testers, especially during red teaming exercises, where the element of surprise is crucial for realistic simulations. However, if law enforcement is unaware of these exercises, the consequences can be dire. A police officer on the scene during their arrest remarked on the dangers of not notifying authorities. Both testers emphasized the importance of thorough communication with clients, as even reputable organizations can lead to misunderstandings that result in serious legal trouble. In a subsequent test, even with prior notification to law enforcement, they still faced a tense situation when police responded to an alarm triggered during their exercise. Wynn and De Mercurio's ordeal sheds light on the inherent conflicts in security testing, where the best results often come from minimal prior notification. Their experience serves as a cautionary tale for both security professionals and organizations about the critical need for clear communication and the potential pitfalls of red teaming.