Thanks for the feedback! It's the first time I've written anything like this, and I'm currently studying computer science so I appreciate the corrections as they help me improve my knowledge of the field :)
No problem, good for you both for digging into it at all and then actually writing it all out, good little exercise to go through and poke at for sure! Network security is its own entire other specialization and despite working in it there's always new stuff to learn and new challenges. And the mess and issues of the WiFi standards process is an entire book itself.
I guess the one generalist suggestion I'd have for you just for security overall is to always try to consider the overall threat scenario and "economics" of given attacks when judging seriousness for clients. It's easy to theorycraft purely in terms of hardware or software and get lost in the weeds of attacks that don't actually make any sense. All "security" overall is about the economics between how much it costs to defend and attack and what the value gained/lost is. So things that scale very well, like pure software remote exploits, are huge risks since somebody can run attacks near or fully automatically dirt cheap/free at mass scale and do so in a way that can be hard to trace back. Thus even those with very few resources are at risk, if the attack is free to the attacker then anything at all is profit. In contrast an attack that requires in person access doesn't scale at all, it must be done each time by an actual human actually going out there. And that entails major physical risks as well. So while expensive to defend against, it's also expensive to execute and thus won't happen unless a lot of value is available, and naturally individuals/organizations in that position (lots of money or high value assets) tend to have the resources themselves to take action.
Anyway, "engineering is the art of the possible", getting the best bang for the buck matched to what clients or employers need sometimes is part of the real challenge. Good luck with everything!
I guess the one generalist suggestion I'd have for you just for security overall is to always try to consider the overall threat scenario and "economics" of given attacks when judging seriousness for clients. It's easy to theorycraft purely in terms of hardware or software and get lost in the weeds of attacks that don't actually make any sense. All "security" overall is about the economics between how much it costs to defend and attack and what the value gained/lost is. So things that scale very well, like pure software remote exploits, are huge risks since somebody can run attacks near or fully automatically dirt cheap/free at mass scale and do so in a way that can be hard to trace back. Thus even those with very few resources are at risk, if the attack is free to the attacker then anything at all is profit. In contrast an attack that requires in person access doesn't scale at all, it must be done each time by an actual human actually going out there. And that entails major physical risks as well. So while expensive to defend against, it's also expensive to execute and thus won't happen unless a lot of value is available, and naturally individuals/organizations in that position (lots of money or high value assets) tend to have the resources themselves to take action.
Anyway, "engineering is the art of the possible", getting the best bang for the buck matched to what clients or employers need sometimes is part of the real challenge. Good luck with everything!