Welcome, Mark. Thanks for taking the time to talk to us. Why don’t we start with your recent book, Two-Factor Authentication – why did you want to write it?
I ultimately decided to write Two-Factor Authentication for a couple of major reasons. Foremost, at the time the book was proposed, I was actually working for a two-factor authentication service provider, with much of my time spent communicating concepts around the subject internally to our own employees, to clients, and to the general public via presentations and blog posts. Secondly, upon review of published works, I couldn’t find a book that had a focus on this topic, despite its lengthy history and critical importance to modern computing security. I thought that there’d be a lot of value to expand upon the content I’d regularly present as a primer on two-factor authentication into book form, which would have the appropriate space to discuss concepts more in-depth and provide people unfamiliar with the subject a great start at wrapping their heads around the subject.
How would you summarise two-factor authentication?
Two-Factor Authentication covers the various technologies, standards and reasons that a business or individual needs to know about in order to leverage the wide range of options that create authentication security beyond a single method – most commonly a password. By combining different ‘factor classes’ (e.g. something you have, something you know, something you are), account security is greatly strengthened as the challenge of a criminal to get past two factors is a difficult hurdle. Because passwords are often poorly created, easily stolen, and commonly reused, their ability to protect our most important systems and services aren’t well matched for the needs and risks facing people today. Through the book I am able to educate my readers about not just what two-factor authentication is, but what choices they have to do it, what the upsides and downsides are to different methods, and what they should think about to make sound decisions regarding their security needs.
What aspects of your work do you particularly enjoy?
I work at Rapid7 on the Strategic Services team, helping to build security programmes for organisations in all industries. I love working closely with my clients to ensure that I understand their IT needs, security concerns and business objectives so that I can help them determine what actions they should take over the coming years with the entirety of their organisation’s information technology, staffing, policies and business strategy as it relates to making their organisation more secure. It’s very rewarding helping shape the future for my clients and knowing that I can provide them with insight that they wouldn’t otherwise likely have. Security isn’t easy, but I greatly enjoy helping organisations make sensible, well-founded decisions that will actually positively impact their ability to be more secure going forward.
Where did you begin your career in IT?
I’ve had many jobs in IT, from web application development, to systems administration, to information security. However, most of my early ‘formal’ career actually started as a help-desk employee with my university. The experiences I had in that role helping people understand technical problems without technical jargon and ensuring customer satisfaction have been a huge benefit during my entire career.
If you could go back in time and meet yourself when you were at school, what advice would you give?
I’d probably tell the former me that they should spend even more time trying to diversify their skill set. Especially when you are in school, you get focused on a few projects and can sink a lot of time into them even if they aren’t that important. I definitely wish I had used more of that ‘free time’ to learn a few other technical skills, as once your career starts finding that time is hard.
How have you found publishing with ITGP?
I really enjoyed my publishing process with ITGP, from start to finish. Prompt and clear communication is hugely important to keep the book moving forward and my experience with ITGP in that regard was perfect. Being able to focus on the book and not focus on ‘the process’ means that I could be efficient and excited about writing and not hung up in my email account. While writing a book takes a lot of time, patience and effort, ITGP made it as painless as possible for me from day one.
- An introduction to the topic of two-factor authentication.
- Provides a comprehensive evaluation of popular secondary authentication methods.
- Presents international examples of standards and regulations that make two-factor authentication a component of security guidance
Two-Factor Authentication is available to pre-order right now with a 10% discount.