Red teamer Dahvid Schloss stole a trophy worth at least $250,000 posing as Wi-Fi help
A “fix the Wi-Fi” pretext let a security audit turn into a $250,000 trophy grab and an executive wake-up call.

Red teamer Dahvid Schloss, acting as a supervisor on an engagement, removed a trophy from a company near the top of the Fortune 500 during a physical and network security audit. His test relied on people assuming he belonged, and he later presented the stolen prize to executives, with no alarms raised for two and a half weeks.
PWNED: It starts as a normal security test, but it ends with the trophy sitting on a boardroom table. In Dahvid Schloss’s account, the red teamer posed as someone who was there to fix Wi-Fi while auditing the physical and network security of a company near the top of the Fortune 500. During construction that left employees annoyed by office Wi-Fi, no one questioned the team walking around with antennas and asking for better connectivity.
The most jarring detail is the prize itself. Schloss estimated the trophy he removed was worth at least $250,000, noting there were three copies made: one for the winner, one for the host nation, and one for the sponsor. He pulled one out of a marketing department display case, slipped it into his backpack, and held onto it for two and a half weeks before bringing it to the executive presentation.
Why this matters for boards and security leaders is not because someone can physically steal a trophy. It is because the theft worked through trust. Schloss’s approach leaned on workplace assumptions: if people think you are doing a legitimate job, they can “get away with anything,” in his framing. In the scenario, his team was not being secretive, but instead carried visible testing gear. The logic was simple: this is California, and there are plenty of tech bros and nerds. To employees, the antennas looked like normal troubleshooting, not an intrusion.
There is also a real operations angle here. When a building is under construction, the ordinary rules of “what belongs here” get blurry fast. Employees already expect interruptions, vendors, and problem-solving teams. In that fog, the signal that usually triggers questions, like unfamiliar faces lingering in sensitive areas, gets replaced by the noise of a broken environment. Even when Schloss and his team reached the marketing department, and a marketing staff member saw the trophy case being opened and the trophy being pulled out, the conversation did not turn into a security stop. The key question was framed narrowly: “Are you here to fix the Wi-Fi?” When Schloss answered yes, the marketing staff did not escalate. The trophy came out anyway.
This is the kind of attack surface security teams forget to model. Most organizations separate “network security” and “physical security,” then act surprised when an adversary blends them. Schloss’s engagement was meant to test both, but the failure mode came from how humans interpret roles during stressful, high-ambiguity moments like construction. The red team exploited the fact that security processes often depend on people noticing suspicious behavior. In this case, behavior that would normally raise eyebrows (walking around with antennas, accessing a display case) was reclassified as legitimate because it fit the story people were already expecting to hear.
Schloss later described the executive moment, and it is a perfect illustration of how the gap between awareness and action can persist. When it was time to give the security report to executives, he walked to the boardroom, pulled out the trophy, and placed it on the table before discussing the findings. He said executives’ eyes “popping open” made the lesson immediately visible. In other words, the board got a live demonstration of the exact weakness the test revealed: employees were not just failing to spot something suspicious, they were actively accepting it because the pretext aligned with everyday disruptions.
Stepping back, the incentive structure in organizations is part of the story. Employees often want Wi-Fi fixed, and they want it fixed quickly. If someone arrives with visible “expert” tools and speaks the language of connectivity, people will prioritize resolution over verification. Meanwhile, security and facilities teams may assume that contractors and auditors are being coordinated through standard channels. Schloss’s test suggests that those channels can be invisible at street level, especially when teams are not secretive and when the organization is already dealing with ongoing building issues.
There is also a governance implication. A security report that highlights vulnerabilities but does not change how frontline employees verify authority leaves risk where it starts: in the moment of interaction. The boardroom demonstration is dramatic, but the operational takeaway is straightforward. If the organization does not train staff to challenge assumptions and escalate appropriately, the next “Wi-Fi hero” will not be running an authorized red team. The same human trust that made Schloss’s stunt work could also make a real adversary’s walk-in theft easier, faster, and less detectable.
Schloss’s experience is ultimately a warning about how trust can be weaponized inside the workplace. When employees see someone who looks like they belong in the building, they may not question motives even if they witness actions that should trigger a security response.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Business

Comcast shares jump 25% as it plans to split NBCUniversal and Sky
The tax-free spin-off could reshape focus, funding, and competition across media and tech for years.

Bungie cuts most Destiny 2 staff as Sony says Marathon still matters
Herman Hulst confirms layoffs affecting most Destiny and some Marathon teams after Bungie admits Destiny fell short.

SK Hynix jumps 11% after seeking up to $29.4B in Nasdaq listing
The chip giant filed for a Nasdaq listing plan that could raise $29.4 billion, instantly reshaping investor expectations.
