Marco Fanti is the author of Implementing Multifactor Authentication we got the chance to sit down with him and find out more about his experience of writing with Packt.
Q: How did you become an author for Packt? Tell us about your journey. What was your motivation for writing this book?
Marco: As an expert in identity and access management, I’ve spent a significant portion of my career helping organizations implement and manage complex identity systems. This includes managing user access, streamlining authentication processes, and ensuring data security. My depth of experience in these areas has provided me with a wealth of knowledge and expertise that is vital to understanding the intricacies of the field. Recognizing my proficiency in this area, my editor at Packt saw a unique opportunity. They noticed a gap in the market for comprehensive, hands-on guides about multifactor authentication. Throughout my career in identity management, I have had the opportunity to work with a vast range of products, each with its unique characteristics and configuration requirements.
The hands-on experience I’ve acquired working with these products enables me to provide detailed and practical explanations of how they are configured and implemented in real-life scenarios. By offering insights based on actual use cases, my writings can go beyond theoretical information and provide practical, actionable guidance that readers can directly apply in their professional context. One of the key aspects of these explanations is how these products are used to protect both customer and workforce users from ever-increasing cybersecurity threats.
In the current digital age, the threat landscape is continually evolving. Cybercriminals are finding new and innovative ways to exploit security vulnerabilities, and it’s crucial for organizations to stay one step ahead to protect sensitive data.
Q: What is the name of your book?
Marco: Implementing Multifactor Authentication.
Q: What kind of research did you do, and how long did you spend researching before beginning the book?
Marco: While my professional background and hands-on experience with various identity management products provided a rich foundation of knowledge, writing a comprehensive guidebook presented an entirely new challenge. The strategies and configurations that worked for the specific companies I consulted for were context-dependent, influenced by each organization’s unique circumstances, resources, and goals. In the process of writing the book, it was essential to step beyond the limitations of my direct experiences and explore how these products could be utilized within a broader range of scenarios. This required me to create a fictitious company and to imagine how its needs might evolve over time, a task that required extensive research and creative thinking.
Once I had a clear picture of this fictitious company, I then began to research and explore how various identity management products could be applied within this context. I investigated how each product could be configured to meet the company’s changing needs, how they could integrate with the company’s existing systems, and how they could scale as the company grows.
Q: Do you have a blog that readers can follow?
Marco: Indeed, a blog can be an excellent way to further engage with readers and share additional insights and updates about multifactor authentication, identity management, and related topics. While I haven’t maintained a blog in the last few years, now that I’ve finished writing the book, I’m planning to create one as a platform for ongoing communication with my readers and the broader community. Through the blog, I intend to share:
Continuing Insights: The world of cybersecurity and identity management is constantly evolving. I’ll use the blog to share my observations and insights about the latest trends, challenges, and opportunities in the field.
Deep Dives: Some topics warrant a more detailed discussion than was possible in the book. The blog will provide a platform for these deeper dives, allowing me to expand on certain areas and concepts.
Clarifications and Q&A: If readers have questions or need clarification on any points in the book, the blog can serve as a space for answering those inquiries and engaging in more in-depth discussions.
Updates on the Book: If there are updates or corrections to the book, the blog will be the first place I’ll share this information.
Practical Examples: Real-world examples can be a great way to understand abstract concepts. I’ll use the blog to share practical case studies and examples that demonstrate the principles discussed in the book. The blog will be an extension of the book’s mission to provide clear, practical, and up-to-date guidance on identity management and multifactor authentication. I’m excited about this next phase and look forward to engaging with my readers in a new way. Stay tuned for more details on the blog’s launch!
Q: What key takeaways do you want readers to come away with from the book?
Marco: I hope that readers of this book will gain a wealth of knowledge and practical skills to enhance their understanding and implementation of identity management and multi-factor authentication. Here are some key takeaways I hope readers come away with:
In-Depth Understanding: Gain a comprehensive understanding of the principles and mechanisms of identity management and multi-factor authentication, including why they are critical in the current digital landscape.
Hands-on Skills: Develop the practical skills needed to implement and manage a variety of identity management solutions, through detailed, step-by-step instructions based on real-world scenarios.
Cybersecurity Awareness: Enhance their overall awareness and understanding of cybersecurity, particularly the role of identity management in protecting against threats.
Scalability and Adaptability: Learn how to design and manage identity management systems that can adapt and scale as an organization grows and changes, and as new security threats emerge.
Best Practices: Understand the best practices in the field of identity management, including how to balance security requirements with user convenience, and how to ensure compliance with relevant regulations and standards.
Q: Can you share any blogs, websites and forums to help readers gain a holistic view of the tech they are learning?
Marco: I like podcasts as a great way to keep up with the latest trends and insights. Here are some podcasts that can provide valuable information and perspectives:
Identity at the Center (https://www.identityatthecenter.com): This is a weekly podcast that focuses specifically on identity management. Hosted by Jim McDonald and Jeff Steadman, it covers a wide range of topics and includes interviews with industry experts.
Identity Unlocked (https://identityunlocked.auth0.com): This podcast, hosted by Vittorio Bertocci, focuses specifically on identity and access management. It features interviews with leading figures in the industry.
Smashing Security (https://www.smashingsecurity.com): This is a fun and accessible podcast that covers various cybersecurity topics. The hosts, Graham Cluley and Carole Theriault, do a great job of making complex security topics approachable. These podcasts offer a wealth of knowledge and perspectives, whether you’re an experienced professional or just getting started in the field of identity management.
Q. Did you face any challenges during the writing process? How did you overcome them?
Marco: Writing a book, particularly on a subject as complex and ever-evolving as multifactor authentication, indeed posed a number of challenges. Here are a few I encountered, and how I navigated them:
Keeping Up With Technological Changes: The technology landscape, especially in cybersecurity and identity management, changes rapidly. Ensuring the content was current and relevant throughout the writing process was a significant challenge.
Balancing Detail with Accessibility: Striking the right balance between technical details and readability was another hurdle. While the aim was to provide a comprehensive guide, it was crucial that the book remains accessible to a broad audience. To overcome this, I focused on clear, straightforward language, and incorporated real-world examples and analogies to explain complex concepts.
Time Management: Writing a book is a lengthy process, and balancing it with my regular professional commitments was challenging. To overcome this, I developed a strict writing schedule, setting aside dedicated time each night and weekends for research and writing. This routine helped me maintain a steady pace of progress and avoid burnout.
Ensuring Accuracy: Given the technical nature of the subject, ensuring accuracy was a high priority. I carefully cross-checked my explanations and instructions against product documentation, industry standards, and expert opinions. I also sought feedback from peers and other professionals in the field to validate my interpretations and ensure that the guidance I was providing was accurate and beneficial.
Q. How would you describe your author journey with Packt? Would you recommend Packt to aspiring authors?
Marco: Well, the author’s journey with Packt was a bit like running a marathon with a surprise party at each milestone. There were plenty of challenges, but also a lot of support and encouragement along the way. It was as if the editors, reviewers, and graphics team were my personal cheer squad. When it came to the writing itself, there were times when it felt like climbing a mountain. But just when I thought I was losing steam, the editors would show up like enthusiastic mountain goats, nudging me forward and reminding me that the view from the top was worth it.
The reviewers were like friendly yet meticulous detectives, spotting and pointing out clues (or rather, errors and inconsistencies) that I had missed. Their keen eyes saved me from many a potential blunder.
The graphics team, on the other hand, were like magicians, taking my mundane sketches and transforming them into clear, visually pleasing illustrations that significantly enhanced the book.
So, would I recommend Packt to aspiring authors? Absolutely. With Packt, you’ll get more than just a publisher – you’ll get a team of dedicated professionals who are as invested in your book’s success as you are. Just make sure you’re ready for the marathon!
Q. Why should readers choose this book over others already on the market? How would you differentiate your book from its competition?
Marco: This book stands out from others in the market primarily due to its unique blend of theoretical understanding and practical, hands-on guidance. A key feature that differentiates this book from others is its detailed step-by-step instructions on how to configure and use leading identity management products.
While many books might give an overview or discuss the concepts of multi-factor authentication and identity management, they often don’t delve into the intricacies of actually implementing these technologies in a real-world setting.
In contrast, this book provides readers with specific, actionable guidance that they can apply directly in their professional context.
Q. What is/are your specialist tech area(s)?
Marco: Identity and Access Management, cybersecurity, behavioral biometrics.
Q. What advice would you give to readers jumping into this technology? Do you have any top tips?
Marco: Navigating the realm of identity management and multi-factor authentication can be complex, but with the right approach, it can be highly rewarding. Here are some pieces of advice and top tips for readers delving into this technology:
Start with the Basics: As with any technical field, a solid understanding of the foundational concepts is crucial. Make sure you’re comfortable with the basics of identity management and authentication before diving into the more advanced aspects.
Hands-On Practice: Theoretical knowledge is important, but there’s no substitute for hands-on experience. Whether it’s in a sandbox environment or through your work, try to get as much practical experience as you can. This will give you a deeper understanding of the technologies and their real-world applications.
Keep Learning: The field of cybersecurity is constantly evolving, with new threats and new technologies emerging all the time. Stay curious and committed to continuous learning. Regularly reading industry news, attending webinars, participating in relevant communities, and challenging yourself with new projects can help you stay at the forefront of the field.
Privacy and Compliance: Always keep in mind the importance of user privacy and regulatory compliance. Not only are these ethical and legal necessities, but they are also increasingly important to customers and users. Familiarize yourself with relevant laws and standards in your region and industry.
Think Like an Attacker: Understanding the mindset of potential attackers can help you anticipate threats and design more secure systems. Keep up-to-date with the latest types of cyber attacks and consider how you can defend against them.
User Experience Matters: While security is paramount, it’s also important to consider user experience. An authentication system that is overly complicated or cumbersome can lead to user frustration and potential security risks, such as users finding ways to bypass the system. Aim to strike a balance between security and usability.
Plan for Scale: When implementing identity management solutions, consider not just your organization’s current needs, but also its future growth. A system that works well for a small number of users might struggle as your organization grows. Planning for scalability from the start can save a lot of headaches down the line. And of course, buy the book.
Q. What’s your take on the technologies discussed in the book? Where do you see these technologies heading in the future?
Marco: I believe that multi-factor authentication is fundamental to securing digital identities in today’s world. It plays a crucial role in protecting users and organizations from cybersecurity threats, such as data breaches and identity theft. Looking ahead, I see several key trends:
Behavioral Biometrics: This involves analyzing patterns in user behavior, such as typing speed or mouse movements, to identify anomalies that might indicate fraudulent activity. As machine learning techniques continue to advance, behavioral biometrics could provide an additional layer of security that is both effective and unobtrusive. Behavioral biometrics also allows for continuous authentication. Once a behavioral profile has been established for a user, it can be used to continually verify the user’s identity as they interact with a system. This means that even after a user has logged in, the system continues to monitor the user’s behavior. If the behavior deviates significantly from the established profile, the system could interpret this as a sign that the user might not be who they claim to be. For example, if the typing speed suddenly changes dramatically or the mouse movements do not match the usual pattern, the system may flag this as potentially suspicious activity. In such a case, the system might require the user to re-authenticate, or it could alert security personnel to investigate further. This offers an extra layer of security because it doesn’t rely solely on a one-time authentication at the point of login. It allows potential security threats to be identified and addressed in real-time, providing a more robust defense against unauthorized access.
Risk-Based Authentication: This involves adjusting authentication requirements based on the risk level of a particular action. For example, a user might be able to view account information after providing a single factor of authentication but would need to provide additional factors to transfer funds. As organizations seek to balance security with user convenience, risk-based authentication is likely to become increasingly popular.
Decentralized Identity: This involves users having control over their own digital identities, rather than relying on centralized authorities. With advances in blockchain technology and increasing concerns about privacy, decentralized identity could fundamentally change the way identity management systems are designed.
Integration with Other Security Measures: Multi-factor authentication is most effective when it’s part of a comprehensive security strategy. In the future, we’ll likely see more integration between MFA and other security measures, such as threat detection systems and data encryption technologies. It’s an exciting time to be in the field of identity management. The technologies are evolving rapidly, driven by ongoing advances in technology and a changing threat landscape. By staying informed and adapting to these changes, professionals in the field can help their organizations stay secure and make the most of the opportunities these technologies offer.
Q. How did you organize, plan, and prioritize your work and write the book?
Marco: Writing a book, especially one as technical and detail-oriented as this, is no small task. It required careful organization, planning, and prioritization. Here’s a glimpse into my approach:
Big Picture Planning: The first step was to get a clear idea of what I wanted the book to cover. I identified the key topics and concepts that were crucial for understanding multi-factor authentication and identity management. From there, I was able to outline the broad structure of the book, dividing it into sections and chapters.
Detailed Outline: With the big picture in mind, I created a detailed outline for each chapter. This included the specific points I wanted to cover, as well as ideas for examples, diagrams, and other illustrations. This served as my roadmap for writing each chapter and ensured that I covered all the necessary details.
Time Management: Writing a book is a long-term project that needs to be balanced with other commitments, like my day job. I set aside dedicated writing time each week and stuck to it as much as possible. I found that writing regularly, even in small chunks, helped me maintain momentum and progress.
Prioritization: Not all parts of the book were equally easy or difficult to write. I prioritized the sections that were most challenging or required the most research, tackling them when I was freshest and had the most energy. Simpler sections were saved for times when I might be less energetic.
Regular Reviews: I regularly reviewed what I’d written to make sure it was clear, accurate, and aligned with the overall objectives of the book. This also helped me identify any gaps or areas that needed more explanation.
Dealing with Blocks: Like any writer, I sometimes faced blocks. When that happened, I’d switch to a different section or work on something else, like reviewing or revising earlier parts. This helped keep the progress going.
Support from Packt: Throughout the process, I received fantastic support from my editors, reviewers, and the whole team at Packt. They helped keep me on track, provided valuable feedback, and helped bring the book to life. Writing the book was certainly a journey, with its share of challenges and rewards. But with careful organization, planning, and prioritization, I was able to navigate it successfully and produce a book that I’m proud of.
Q. What are your favorite tech journals? How do you keep yourself up to date on tech?
Marco: As someone deeply involved in the tech world, especially in identity management and multifactor authentication, staying up-to-date is crucial. To that end, I have a few favorite methods of staying informed:
Direct from Vendors: Since my day job involves working with these technologies, I receive a lot of information directly from vendors. This can include product updates, new feature releases, and insights into the future direction of the products.
Internal Research: I’m also fortunate enough to have access to internal research resources within my company. This can include reports, whitepapers, and other in-depth analyses produced by my colleagues and the research team.
Conferences and Trade Shows: These events can be a great way to learn about the latest developments and future trends, directly from the people who are driving them. They also provide opportunities for networking and deeper discussions with peers and experts. In addition to vendor conferences, I get a lot of information from FIDO Alliance’s Authenticate (https://authenticatecon.com).
Q. Would you like to share your social handles? If so, mention them below.
Marco: People can find me on LinkedIn : https://www.linkedin.com/in/mfanti/.
You can find Marco’s book on Amazon by following this link: Please click here
