Wireless Security Assessment

Wireless networks tend to get treated as solved territory, which is exactly why they're worth testing. WPA2 and WPA3 deployments still fail in interesting ways once you look at how they're actually configured: weak EAP setups, captive portals that leak, guest networks bridged into corporate VLANs, certificates nobody validates because someone clicked through the warning years ago.

A wireless assessment covers the radio environment around your sites — corporate Wi-Fi, guest networks, IoT segments, and any other wireless protocols sharing the airspace. Beyond 802.11, I look at Bluetooth and BLE pairings, and where it's relevant, Zigbee or other low-power protocols feeding into building systems and OT. These are the things people often forget are part of the network.

I also check for the things that don't show up in a vulnerability scanner: rogue access points, evil twin susceptibility, deauthentication resilience, and how clients behave when an attacker stands up a network with the same SSID as one they trust. The real findings tend to live in segmentation between wireless and the rest of the infrastructure — an open guest network is rarely the problem, but a guest network that quietly reaches a printer that shares VLANs with finance is.

The deliverable is a clear map of what was found, where it sits relative to your wired environment, and what to change. If you're refreshing wireless infrastructure, scheduling an assessment before the rollout tends to be a lot cheaper than fixing things after the access points are bolted to ceilings across three floors.