The editors at Solutions Review have compiled the following list of top-rated books for identity management engineers to consider reading.
For this list, we wanted to zoom in on a specific profession in cybersecurity—Identity Management Engineer—and share the highest-rated titles that might appeal to members of said profession. These books qualify for this list by providing essential perspectives and information beneficial to Identity Management Engineers and are intended for professionals, whether just beginning their careers or already established as experts. All are written by authors with proficiency and/or recognition in the field of cybersecurity.
The Highest-Rated Books for Identity Management Engineers
Book Title: Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0
OUR TAKE: Yvonne Wilson and Abhishek Hingnikar both have extensive experience in software development and identity management, and they’ve used their collective expertise to compile this textbook.
Description: Written for developers, application architects, business application owners, and anyone involved with identity management (IAM) solutions, this textbook will take readers from account provisioning to authentication and authorization. The title covers essential topics that will help IAM engineers understand essential identity management concepts, design authentication control for modern applications, review historical IAM failures to learn from their mistakes, incorporate essential design principles into their applications, and become familiar with the identity management protocols used today, like OIDC, SAML 2.0, and more. There is a 2nd Edition of the book coming out in the near future, too.GO TO BOOK
OUR TAKE: Justin Richer and Antonio Sanso’s industry experience as systems architects, software engineers, service designers, and other roles have helped them compile a book capable of helping professionals learn how to use OAuth 2.
Book Title: Password Authentication for Web and Mobile Apps: The Developer’s Guide To Building Secure User Authentication
OUR TAKE: Writer Dmitry Chestnykh has been writing software for over twenty years, and with that experience, has compiled a book of insights to help other professionals improve the way they develop secure user authentication.
Description: User authentication and password management are essential tools in any web and mobile security strategy. However, these are also the most common areas for something to go wrong. With this book, Dmitry Chestnykh will help developers learn to improve their password authentication implementation processes. Other subjects covered include password hashing functions, optimal password hash lengths, encoding hashes, avoiding vulnerabilities, enforcing password quality, implementing secure sessions, allowing users to view sessions from other devices, enacting two-factor authentications, and more.
OUR TAKE: If you want to learn about the various types of multi-factor authentication out there, this book can help get you started, as it covers dozens of solutions, how they can be hacked, and how you can protect them.
Description: Multi-factor authentication (MFA) is a crucial tool in the identity access management and cybersecurity fields. With this book, readers will learn about the different ways MFA solutions can be hacked, how to protect those solutions from threats, and see firsthand how to identify the best MFA solution for a company’s particular needs. Additional subjects covered in Roger A. Grimes’ book include the different types of multi-factor authentication and insights on how to mitigate risks for each. The book is best suited for CISSPs, CISOs, CIOs, and penetration testers.
Book Title: Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution
OUR TAKE: With this book, you will learn about role-based identity assignments, auditing strategies, and entitlements, and see how to use them to mitigate threats and manage compliance.
Description: This book is written for managers and implementers in IT operations, auditing, and security roles, and will help them learn how to implement identity access management programs in a business. Readers will also learn how to manage identities, provide certification for regulatory compliance projects, integrate key identity management technologies into corporate ecosystems, measure risk reduction, prevent identity attack vectors, manage privileges in business environments, and plan for successful deployments.
OUR TAKE: Learn about consumer identity and access management (CIAM) principles with this 2021 book from Simon Moffatt, an industry expert with over twenty years in digital identity and access management.
Description: Modern companies need to meet end user privacy, security, and usability requirements while also providing the business enablement opportunities companies need to respond to market changes. This book is written to help enterprise architects and CISOs do just that. The nearly four-hundred page book covers fundamental topics like CIAM lifecycle, implementer toolkits, design principles, business objectives, drivers, vendor selection guidance, and other requirements for selecting and maintaining CIAM software solutions.
OUR TAKE: With accessible definitions and comparisons, Phil Windley’s book will help you find your footing in the many concepts, issues, and technologies involved in most identity management architectures.
Description: This book provides readers with an in-depth, approachable examination of identity management architecture (IMA), a method used to provide businesses with protection from threats without restricting access to the information and systems they need to function. With his years of industry experience, Phil Windley will guide his audience through the cogerent, enterprise-wide standards, certifications, policies, and management activities that make it possible for global organizations to manage digital identities securely.
Solutions Review participates in affiliate programs. We may make a small commission from products purchased through this resource.