In an Oct. 11 announcement, the Environmental Protection Agency pulled back its March mandate that water-system audits must include a cybersecurity assessment. While the EPA withdrew the requirement, the agency emphasized the importance of protecting critical hydration stations:

“Cybersecurity attacks on water and wastewater systems occur frequently and are a significant threat to their operations. EPA encourages all states to voluntarily engage in reviewing public water system cybersecurity programs within the sanitary survey or an alternate process to ensure that deficiencies are corrected, and potential public health impacts are minimized,” the agency said. Translation: We’re not gonna make you do it, buuut localities should really check their water system cybersecurity programs.

A security to-do list protecting critical infrastructure, however, requires a dedicated staff to implement it, not just one IT pro in the room, Ashley Johnson, senior policy analyst for the Information Technology and Innovation Foundation, a DC-based think tank, told IT Brew.

“Which is, unfortunately, what you run into in a lot of situations, especially once you drill down all the way to local government, where there’s just not a very big budget to spend on cybersecurity,” Johnson said.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

The secret to unlocking sustainable, impactful growth is…compliance?

It’s true. Achieving (and maintaining) SOC 2 compliance can help you boost sales velocity, access new enterprise markets, and reduce internal resource constraints.

And Thoropass put together a comprehensive SOC 2 guide with research and insights for everyone from the decision-makers to the tech pros. Read it to learn all about:

• SOC 2 time and cost expectations
• how to leverage your SOC 2 report
• multi-framework considerations
• continuous monitoring and maintenance of your SOC 2 report
• the answer to the question “Is SOC 2 compliance enough?”

Interested in more than just a guide? Check out the Thoropass platform to see how they’re changing compliance.

Get the SOC 2 guide + demo the platform.

Cybersecurity professionals remain in high demand, according to a new report.

CyberSeek, in partnership with tech jobs organizations CompTIA, Lightcast, and the National Initiative for Cybersecurity Education (NICE), reported that there’s a 315,000-position cybersecurity jobs deficit in the US just to meet current demand. That number is in addition to the 1.1 million jobs already filled between May 2022 and April 2023.

As IT Brew previously reported, September jobs numbers for the tech industry dipped slightly amid an overall strong jobs report. That doesn’t mean the sector is in trouble—tech unemployment, at 2.2%, is a good deal lower than the national rate of 3.8%—but it does indicate some restructuring.

Cybersecurity is still helping to drive the job market in Washington, DC, which posted the most positions in September among US cities. CompTIA Chief Research Officer Tim Herbert told IT Brew that the city leads the way in part because of the security needs of the region.

“There is a pretty stable base of employers here, especially when you think about all of the defense contractors, all of the big consulting firms,” Herbert said. “And it reflects the ongoing demand for cybersecurity that always shows up as a pretty significant component of hiring in the Washington, DC region.”

Read more here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Today’s top IT reads.

Stat: 31. That’s the number of regional tech hubs, each eligible to compete for between $40 million and $75 million in grants, that the White House has designated throughout the US. (NBC News)

Quote: “I knew at some point in time the patent office would recognize it.”—Martin Goetz, who recently died at the age of 93, on obtaining the first known software patent in 1968 (the New York Times)

Read: On the college students dropping out in the hopes of scoring jobs in AI. (the Wall Street Journal)

Partner in compliance: Download Throropass’ new SOC 2 guide for a deep dive on SOC 2 time and cost expectations, multi-framework considerations, and a whole lot more. Get the guide.*

^{*A message from our sponsor.}