I mean if you can write shell and some orchistration language you’re golden for anything.
This is part of what I meant by labor costs increasing with alternate solutions. As I’m sure you’re aware lots of folks in our field cannot write shell script to save their lives. You’re a higher skill engineer than many orgs that were running VMware. This isn’t a knock on VMware folks. PowerCLI can do lots of things especially in the hands of a skilled engineer, but a good number of folks never make it out of the vSphere client to do their work and complete their tasks. These folks are cheaper to employ because they can still accomplish the task by using the VMware tools that would otherwise require a bespoke solution written by the engineer.
We had some PCI stuff, I relapsed smoking because of getting through it haha. We were also halfway through getting the Australian government PII/gov contract thing when I left.
I hear ya! It can be pretty brutal, especially if you have an honest and knowledgeable QSA.
Most people suck at passing audit compliance because they try to box tick rather than explain how their tailored systems meet and exceed the requirements.
There are also those orgs that shop for a weak QSA, and pay the price later if the resulting audit is too weak. I agree with you that chasing a checked box isn’t the best approach especially if you’ve got a good solution and can document compensating controls.
This is part of what I meant by labor costs increasing with alternate solutions. As I’m sure you’re aware lots of folks in our field cannot write shell script to save their lives. You’re a higher skill engineer than many orgs that were running VMware. This isn’t a knock on VMware folks. PowerCLI can do lots of things especially in the hands of a skilled engineer, but a good number of folks never make it out of the vSphere client to do their work and complete their tasks. These folks are cheaper to employ because they can still accomplish the task by using the VMware tools that would otherwise require a bespoke solution written by the engineer.
I hear ya! It can be pretty brutal, especially if you have an honest and knowledgeable QSA.
There are also those orgs that shop for a weak QSA, and pay the price later if the resulting audit is too weak. I agree with you that chasing a checked box isn’t the best approach especially if you’ve got a good solution and can document compensating controls.