M-commerce, a growing sub-category of E-business, allows business to be done 'anywhere, anytime'. However security of wireless devices remains problematic. It is unclear whether protocols to alleviate security problems, such as wireless vulnerability assessments (WNVAs), are being used or are effective. The paper reports on a survey-based study of Australian computer security professionals' use of and opinions about two types of WNVA: wireless monitoring and penetration testing. An initially surprising finding was how little both types are used, despite the ease with which wireless networks can be attacked and the fact that penetration testing is fairly well understood. In the light of organizational culture the survey findings become more explicable. Senior management, and even IT staff, may still hold a traditional, 'wired network' view of their organization. Aspects of organizational culture also appear to limit the way WNVA users go about the assessment process. A cultural shift could help change users' perceptions about the risks and rewards of WNVAs. This could threaten IT staff's professional identity, however, and needs further research.