"Brutal" tech talent market set to continue
The "brutal" tech recruitment market is showing no sign of slowing down. Driven by a lack of competition, a high number of counteroffers and the increased cost of living, New Zealand tech workers are emboldened to ask for higher pay rates, according to Bianca Jones, Talent's Wellington managing director.
"There are thousands of tech vacancies across the country. I have been in recruitment for over 18 years, and this is the busiest I have ever seen it. It's brutal," said Jones, adding that senior architects who earned up to $160,000 a year pre-pandemic are now asking for up to $180,000.
Jones' comments are reflected by figures from Hays. Its technology Contractor Rates Guide found New Zealand customers are facing increasing pressure from contractors’ rates with "little relief on the horizon".
According to Hays’ report, an enterprise architect contractor based in either Auckland, Wellington or Christchurch can command up to $1,600 per day.
New CTOs for Reserve Bank, Greater Wellington Regional Council and Frucor Suntory
Both the Reserve Bank of New Zealand/Te Pūtea Matua and Greater Wellington Regional Council have welcomed new CTOs, while Frucor Suntory New Zealand has appointed a chief digital and information officer.
John Baddiley joins the Reserve Bank of New Zealand as director of digital solutions and CTO on May 9 from Bank of New Zealand (BNZ) where he has been since November 2016—most recently as head of strategic relationships.
Ross Lynch has taken over the role of CTO at Greater Wellington Regional Council, replacing Sue McLean who is now general manager, corporate services at the council. Lynch had previously been the council's ICT design and delivery manager.
Meanwhile, after nine years as business technology director and CIO at Frucor Suntory, Pieter Bakker has been appointed as the company's chief digital and information officer (CDIO).
Joint cybersecurity advisory warns of new and old vulnerabilities
New Zealand’s National Cyber Security Centre (NCSC) has issued a cyber security advisory along with its counterparts from the United States, Australia, Canada, and the United Kingdom to warn of common vulnerabilities frequently exploited by malicious cyber actors, including the 15 most commonly exploited of 2021.
- CVE-2021-44228 (Log4Shell): Remote code execution (RCE) vulnerability in Apache Log4j
- CVE-2021-40539: RCE vulnerability in Zoho ManageEngine AD SelfService Plus
- CVE-2021-34523 (ProxyShell): Elevation of privilege vulnerability in Microsoft Exchange Server
- CVE-2021-34473 (ProxyShell): RCE vulnerability in Microsoft Exchange Server
- CVE-2021-31207 (ProxyShell): Security feature bypass in Microsoft Exchange Server
- CVE-2021-27065 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
- CVE-2021-26858 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
- CVE-2021-26857 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
- CVE-2021-26855 (ProxyLogon): RCE vulnerability in Microsoft Exchange Server
- CVE-2021-26084: Arbitrary code execution vulnerability in Atlassian Confluence Server and Data Center
- CVE-2021-21972: RCE vulnerability in VMware vSphere Client
- CVE-2020-1472 (ZeroLogon): Elevation of privilege vulnerability in Microsoft Netlogon Remote Protocol (MS-NRPC)
- CVE-2020-0688: RCE vulnerability in Microsoft Exchange Server
- CVE-2019-11510: Arbitrary file reading vulnerability in Pulse Secure Pulse Connect Secure
- CVE-2018-13379: Path traversal vulnerability in Fortinet FortiOS and FortiProxy
The authorities recommend organisations prioritise a number of mitigation measures, including:
- Vulnerability and configuration management
- Identity and access management
- Protective controls and architecture.