Was it all a dream?

2022 began with a bullish job market in tech and IT as the economy heated up in the aftermath of loosened pandemic restrictions and more positions than workers to fill them.

That tight market for IT talent led to increased wages and aggressive headhunting from firms seemingly desperate for staff, even more so than in other sectors of the economy that also saw high growth and low unemployment.

“Virtually every company today is a tech company in some way,” Scott Dobroski, a careers expert with employment site Indeed, told IT Brew. “All of them want to uplevel their tech presence.”

Chopped. Over 90,000 tech workers were laid off by December 2022, according to a Crunchbase study. The cuts have come from big name companies—Meta, Netflix, and Amazon are among the most well-known—and smaller firms alike, as the industry prepares for what is expected to be an economic downturn in the coming months.

Yet the job market remains strong. There’s a reason for that: Tech has been so fully integrated into nearly every facet of American companies that IT workers are needed to keep the lights on, Dobroski said. And adversary threats have increased to the point that cybersecurity workers are needed either at the company or at outsourced firms that are managing a growing number of organizations that need assistance.

Keep reading here. —EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Even a hack exposing 9+ million records can be considered “basic.”

While the effects of a compromise on the Australian telecom Optus were anything but omg, so mainstream, the attacker had an easy way in.

“What is of concern for us is how what is quite a basic hack was undertaken on Optus,” Australian Minister for Cybersecurity Clare O’Neil said shortly after the Sept. 2022 breach.

Because the app’s facilitator of data-exchange, known as the application program interface (API), was left “exposed” to the internet—no authentication required—the hacker could download customer records.

While IT teams often make application inventory and patching part of their vulnerability management programs, recent attacks show that the API is an oft-exposed component deserving of some attention—both in the development process and during runtime.

“Those exposure points are often ignored, often overlooked, and very often vulnerable, or overly permissive, because the person writing them maybe didn’t have the knowledge or experience for how to limit what could be seen or what could be called,” said Bill Young, VP and general manager of threat management at the consultancy Optiv.

Keep reading here. —BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Today’s top IT reads.

Stat: 50. That’s the number (at least) of individual and proposed class-action lawsuits filed over “failing to protect” cryptocurrency assets from hackers since 2017. (Bloomberg Law)

Quote: “It’s been a total nightmare.”—an employee of the Guardian, which was hit by a ransomware attack on December 20 (the offices of the news organization will remain closed until at least January 23) (Semafor)

Read: How to spot the most common LinkedIn scams. (Reader’s Digest)