Water systems across the nation are treading lightly when it comes to their cybersecurity.

The finding was uncovered in a Nov. 13 report released by the US Environmental Protection Agency’s (EPA) Office of Inspector General (OIG), detailing the results of a passive assessment of 1,062 water systems in the country. Of those, 97 drinking water systems were found to have either critical or high-risk cybersecurity vulnerabilities. The watchdog claims that these water systems service roughly 26.6 million people.

The OIG’s assessment further unearthed that another 211 water systems, servicing a total of more than 82.7 million people, had either medium and low-severity vulnerabilities.

Without incident. A more shocking discovery was found when the OIG attempted to alert the EPA about the discovered vulnerabilities. The entity learned that the EPA does not have a cybersecurity incident reporting system that water and wastewater systems could use to notify them of cybersecurity incidents. Instead, it taps the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, though the OIG claims it had trouble substantiating the relationship.

“We were unable to find documented policies and procedures related to the EPA’s coordination with the Cybersecurity and Infrastructure Security Agency and other federal and state authorities involved in sector-specific emergency response, security plans, metrics, and mitigation strategies,” the OIG wrote in the report.

Read the rest here.—BM

Saviynt CTO Jim Routh’s 29-year career in the tech space wasn’t what he expected at first. A history major in undergrad, Routh turned to tech as a way to get his foot in the door for the role he really wanted: being an entrepreneur.

“I was a jack of all trades doing all bunches of different stuff for an office product company,” Routh told IT Brew. “One of the customers was an IT security consulting company, and they offered me a job.”

Beginnings. He took to it and found a career path. Despite not having experience in computer science, he could tell that the future was in tech. While working for American Express, Routh began getting certified in security, eventually becoming the company’s first CISO in 2003. From there he went to other firms, including JP Morgan Chase, Aetna, and MassMutual.

“I got more interested in it and ended up going to school and taking a bunch of classes…at that time security was not a really well established discipline in a large enterprise,” Routh told IT Brew.

Identification station. Today, Routh’s focus is on identity access management. His role at Saviynt, a cloud identity security management platform, came after being a customer of the company. Routh told IT Brew that identity access management “grows pretty much at the same scale of the business” because the more identity clearance that is needed the more of a role those in charge of granting access will take. Enter data science—in order to streamline the identity process and establish and implement controls.

Read more here.—EH

You can get rid of a seat in the conference room.

A two-in-one C-suite role known as the chief product and technology officer (CPTO) has reemerged, according to IT pros who spoke with IT Brew, as companies innovate and want to do more with less.

Camp counseling. At DataCamp, OpenAI powers some of the learning platform’s teaching features—like generative suggestions when a beginning user gets a coding error.

There’s also a potentially contentious choice when it comes to which large language models to employ.

Some of DataCamp’s engineering pros preferred to use the newest LLMs, available from OpenAI. Some of DataCamp’s product team wanted to wait until the models became available from Azure, a preferred platform for sending B2B client data.

Eduardo Oliveira, DataCamp’s chief product and technology officer, made a decision: the smaller clients—the ones less sensitive to a decision to use Microsoft, he said—could use the faster, newer models. The bigger companies had the default option of Azure and Microsoft, with an option to use a newer model from OpenAI.

For communication between product and engineering teams, Oliveira’s role of CPTO is a valuable one requiring experience in both fields.

Keep reading here.—BH