How Security Impacts Company Value

It’s widely known that recovering from a cyber-attack can be costly to small businesses, but many entrepreneurs do not realize that their security measures can actually impact their company’s valuation.

It’s understood that if two companies are discussing a merger or acquisition, the potential buyer will perform due diligence from a financial and legal standpoint. However, integrating cybersecurity due diligence into the M&A process is essential for identifying risks that could inform decision-making and negotiation.

Why Security Impacts Company Value

For many startups, especially in the tech space, IT Infrastructure is a core component of the business. If that core is not secure, it raises a red flag for a potential buyer, as it indicates they will need to make investments beyond the acquisition cost.

You might think of it as inspecting a house before making a purchase. If the inspection reveals cracks in the foundation, a buyer is likely to walk away from the deal. 

The same is true in business. If an assessment uncovers weak points that could be exploited by a hacker, it may cause the deal to fall through.

What to Expect from Cybersecurity Due Diligence

When a potential buyer performs a cybersecurity due diligence assessment, they will likely explore the following areas:

Data Inventory

An evaluation of:

  • all the data a company has
  • where data is stored
  • how data is transferred

This provides insights into data security and privacy risks, as well as identifies gaps. 

Prospective buyers do this to understand their risk exposure, especially as it relates to regulatory compliance standards and privacy legislation.

Cybersecurity Risk Assessment

Understanding an organization’s cybersecurity tools and practices has become a standard practice of the M&A process. 

These assessments:

  • inform decision makers on gaps in compliance 
  • identify threats and vulnerabilities to information assets 
  • develop a mitigation plan to prioritize and remediate each risk

Third-party Risk Assessment

The way a company interacts with vendors, suppliers and service providers impacts the overall security of a business. 

Penetration Testing

Professional penetration testing teams carry out simulated attacks to examine systems for exploitable vulnerabilities, as well as social engineering exercises to gauge employees’ security awareness. 

These tests provide measurable insight into the real-world risks an organization faces.  


Digital Transformation

Digital transformation is the latest buzzword in the corporate lexicon, which means that many people may not actually understand the real goal behind it. 

Simply put, digital transformation is the process of adopting new technology to improve business processes and evolving business practices to unlock new operating models, increasing customer value.

Once a company has digitally transformed, both consumers and employees gain the ability to utilize multiple platforms to interact with the company.  Regardless of the time of day, or device they are on, each user will have the same experience. 


Digital Transformation v. Cloud Computing

Cloud computing leverages online resources to make certain computing processes accessible anytime, anywhere. When a business moves to the cloud, that may include changing how employees store files, and access business software or databases.

While cloud computing plays a role in digital transformation, the overall process goes beyond just migrating to the cloud.  

Digital transformation is the process of evaluating the entire business landscape and finding ways to use technology in order to enhance everything you do. This ranges from operations to customer engagement and can help: 

  • drive efficiencies
  • improve customer experience 
  • adapt to change  

Digital Transformation and Company Culture

Covid has accelerated the need for digital transformation, and has made it an absolute necessity to survive the pandemic period. The shift to remote work has forced many companies to update policies, streamline processes, and enhance data security controls to enable employees to work from anywhere. 

As we’ve seen recently many companies have gone fully remote and, in many cases, remote work has now become table stakes to attract and retain top talent.  

This means that traditional network boundaries, such as requiring employees to be in the office to access information, are a thing of the past.  


Cybersecurity is a Part of Digital Transformation 

Cybersecurity goes hand-in-hand with digital transformation efforts. As companies transform their infrastructure to support work from any device, integrating zero trust principles into business processes is imperative to securing its data, people, and assets.  

It’s worth noting that employees may be resistant to the changes this brings. Working in a zero trust environment requires employees to continuously authenticate their identity as they work with different software and systems. 

This can feel like a hassle for some people, and it may be viewed as a barrier for speed and efficiency. That’s why it’s important for company leadership to buy into the process, lead by example, and promote the message that security is everyone’s responsibility. 

Luminary ACE can help businesses be mindful of security as they evaluate ways that technology can help improve their business model. Contact us today to discuss your options.

Impacts of a data breach

The costs of a data breach are rising. 

According to IBM’s 2021 report:, the average cost of a data breach has risen to $4.24 million – the highest average ever. They also found that compromised credentials were the most common way hackers gained access, and that remote work has been a large factor in both the frequency, and the costs of an attack.

If you’re struggling to understand how these numbers add up, let’s break down what actually happens when a business’s security is compromised. 

What really happens during a data breach?

When a business is identified as a potential target by a cybercriminal, they start with  reconnaissance on the employees and systems, and launch an attack using any weaknesses they find. 

Once inside the network, their goal is to keep their activity hidden while avoiding detection. The longer a hacker has access to a network, the more havok they may cause, which results in more costs for the business.

It’s terrifying to think that on average, it takes a company on average 197 days to detect a data breach

Imagine the impact to your business when a criminal is hiding inside your network for 8 months, without being detected, modifying, destroying, or stealing sensitive information about your company and customers.

Breaking down the costs of a data breach

Once a breach is discovered, there are both short-term and long-term cost impacts that you may or may not have considered.

Short-term costs

Professional Services

Dealing with a data breach will require cybersecurity professionals to perform a technical investigation to understand the full extent of the hackers activity, as well as guide the organization on a recovery plan, and security measures to protect against future attacks.

A public relations and legal team will also need to be engaged to help manage the fallout.

For businesses that don’t have employees able to perform these duties, outside contractors will need to be brought in at a substantial cost.

Loss of productivity

When a data breach happens, it requires all hands on deck to recover:


  • C Suite
  • Communications
  • Finance
  • Legal
  • IT / Security
  • Customer service
  • Business units

When a team has to concentrate on the fallout from an attack, they are unable to focus on their regular activities, and the things that make the company money.

Also worth noting is that many companies react to a data breach by essentially pulling the plug on their servers, in order to stop the inflation. If there are no system backups, or employees have not followed procedures to save their files on the cloud, they may struggle to recover their work (presentations, past records, strategic plans, etc.) and have to redo many tasks. 

Loss of sales 

The news of a data breach can erode trust in a company, which often results in a loss of customers, and quickly dries up a sales pipeline.

Perhaps worse, is losing customers who leave because of non-performance (employees are dealing with the data breach instead of supporting customers).

Long-term costs

The long-term impacts from a breach could linger for years and include:

  • Operations disruption or loss of business
  • Litigation, fines, fees or liability claims
  • Loss of customer trust relationship
  • Loss contract revenue
  • Deficit spending

On average it takes 69 days to contain a breach, but it often takes years to recover revenue, and return to normal growth levels.

It’s clear that the recovery process is costly in both time and resources.  The good news is organizations can prevent many cyber attacks by taking proactive and preventative measures such as:

  • risk assessments
  • vulnerability management
  • least privilege practices
  • awareness training and tabletop exercises

These cost-effective measures can mitigate security risks and save an organization from many problems.  If you’d like to discuss how to leverage them for your business, please contact us for a free consultation.  


5 Steps to a Cybersecurity Risk Assessment

It’s no secret that cybersecurity breaches are increasing in both frequency and complexity. Ransomware attacks are regularly in the news, and the 2020 Thales Data Threat Report found that:

49% of US companies have experienced a data breach

26% of US companies have experienced a data breach within the last year

Despite these sobering numbers, most of us still believe that it won’t actually happen to us. This false sense of confidence means that many of us haven’t done our homework and performed a cyber security risk assessment, and so we may not be aware of an attack when it’s happening.

Consider this: on average, there are 4,800 websites compromised every month with form-jacking code, which allows a hacker to capture credit card information as it’s entered on your website. 

While this attack allows criminals to steal millions of dollars, your website continues to function without any problem. Unless you actively perform vulnerability scans on your site for malware, test code updates and monitor activity you might not even realize your business has been compromised.

The Value of a Cybersecurity Risk Assessment

Performing a cybersecurity risk assessment will give you greater knowledge and understanding of the potential threats that exist, and how they can harm your business. 

Risk assessments can also help you:

  • Reduce costs
  • Avoid financial loss 
  • Strengthen your reputation with clients, vendors and business partners

Step 1: Take Inventory of your information systems

Start by making a list of all the systems your organization uses, including:

  • CRMs
  • Accounting software
  • Payroll systems
  • Website hosting and management
  • Credit card processors
  • Email systems
  • File / document storage
  • Cloud storage
  • SaaS apps or systems

Note: Small businesses should examine their entire operation, but larger organizations may need to narrow their scope and focus on specific business units, or functions (i.e. payment processing). 

Step 2: Assess the risk to each system

Now that you’ve identified your information systems, it’s time to think through how they are accessed, and where a threat exists.

Ask yourself the following questions for each item on your list:

  • How is the system accessed?
    • Is it available online, or software that must be accessed through a company portal?
    • Is it connected to other third party apps? (i.e. your credit card processor is likely connected to your website)
  • Who has access?
    • Are there multiple users, or do several people share access through a single login?
    • Do any outside vendors have access to the system?
    • Can anyone in the company access the information/files, or do different users have different permission levels?
  • How are passwords stored or shared?
  • Do any security measures exist, such as a VPN, firewall or double authentication?
  • Are there backups of the information? 
    • If so, where are they stored, and who has access?
  • What type of information is stored that could present a risk?
    Do any systems store personal information such as:

    • Social security numbers of employees or clients
    • Birthdays of employees or clients
    • Credit card information
    • Bank account information for ACH transfers/payroll

Step 3: Consider the threats

Now it’s time to consider the threats to each of your systems. Many companies tend to focus on external threats, but a study by Verizon found that a third of data breaches are caused by internal actors. 

Internal threats, whether accidental or intentional, may have the same devastating impact on a business.  A comprehensive risk assessment should identify all risks to a business, both internal and external.

External threats include:

  • Ransomware
  • Malware
  • Viruses
  • Phishing

Internal threats include:

  • Human error
  • Employees accessing information through insecure devices (i.e. personal computers or mobile phones)
  • Data theft

Don’t forget the risk of a natural disaster or structural failure – if your building burned down, could you continue to operate? 

Step 4: Prioritize your response

By now you should have a comprehensive picture of your information systems, and the threats that exist. This allows you to take steps to protect yourself. 

In an ideal world, you would secure everything immediately, but the reality is your budget may require a phased approach, so it’s important to prioritize the biggest threat. 

  1. What is the likelihood of the threat?
    An attack on your website could be very likely, while a natural disaster is less likely.
  2. Determine the severity of the threat, its impact and cost.
    If your clients’ credit card information is compromised, what will it cost you to address the breach? Be sure to include the impact to your reputation, as well as potential fines or lawsuits.
  3. What is the effectiveness of the control?
    If you require employees to use a VPN to access company systems, will that contain the risk?

Step 5: Review annually

As your business evolves, it’s highly likely that you’ll add, or upgrade, the systems you use. Your team will change, and as we’ve found with the COVID pandemic, work habits will change. 

All of these factors make it important to document your risk assessment, and review it annually to adapt to changes in your organization.

At Luminary ACE, we believe every business – no matter how big or small – should be protected against cyber threats. That’s why we offer cost-effective strategies to operate in a secure, and efficient manner. Contact us today for a free consultation to find out if we’re the right choice for you.  

Cybersecurity: A Problem too Big for Small Businesses to Ignore

It seems like every day there is a new story of a data breach or cyber-attack reported in the news.. As more and more of our activities take place online the threat of cybersecurity increases.

Despite this, few small businesses take steps to protect their systems and information from cyber-attacks. In fact, studies show that 54% of small businesses believe hackers aren’t interested in their company because it’s “too small.  If you happen to fall into that category, consider these facts:

  • 43% of cyber-attacks target small businesses
  • 60% of those companies don’t recover and go out of business.

Yes, you read that correctly. More than half of small businesses that suffer from a cyber-attack will close.

If that’s not enough to spur you into action, chew on this: the risks of insecure information include:

  • Loss of revenue
  • Loss of customers
  • Loss of productivity
  • Loss of contracts
  • Financial penalties
  • Lawsuits

So what can you do?

The first step is gaining an awareness of the cyber-threats you face, in order to protect against them.

Top 3 Cyber Threats to Small Businesses

#1 Ransomware

I am sure by now everyone is familiar with Ransomware.  It is a specific type of malware that encrypts a victim’s files and makes the device where they are stored inoperable.  Once the malware is on your system, the attacker demands to be paid a ransom from the victim to restore access to the encrypted files.  The most recent and largest-known attack occurred just last week on U.S. energy infrastructure, Colonial Pipeline.

Anyone with a computer connected to the internet. As is anyone with important data stored on their computer or network. 

Ransomware can be disastrous for a small business. Without access to systems and data, business operations will be severely limited.  Paying the ransom does not always guarantee that the files will be restored.  Recovery can be both timely and costly

#2 Phishing attacks

The most common method of attack, phishing, is the fraudulent attempt to steal sensitive information, such as passwords, credit card numbers, or other personal details by pretending to be a trusted source. Since the onset of the pandemic, there has been a 600% increase in phishing. 

There are several types of phishing, but the most common is email phishing, which can be either random or targeted on certain people, or divisions within an organization. .    

An attacker will send a spoofed email, designed to be from a legitimate source, such as a supplier or someone from inside your organization.  The email will request that the intended target disclose sensitive information, such as credentials, bank account information, etc. 

#3 Remote Workers

The increase in remote workers has also increased the threat of cyber-attacks, as workers use home networks and personal devices that may be vulnerable.

This is a sneaky threat, because even if you have taken steps to secure your systems, if one of your employees uses an unsecured cell phone to access company information, it could compromise your company.

Why Small Businesses are Targeted

Cyber criminals have learned that small businesses are less likely to have strong security measures implemented.  Criminals go after weaker targets because it will yield results with minimal effort. 

Hackers may also use small businesses as an attack vector to target a much larger company.  While large companies have the resources to defend against a cyber-attack, they may inadvertently be compromised because of an attack on an insecure small business in its supply chain. This is just one of the reasons for the DoD’s new CMMC requirement for federal contractors. 

At Luminary ACE, we understand that cybersecurity is a challenge for small businesses. Beyond the expense of implementing security measures, it may feel onerous to go through the steps required to keep information secure. Yet, when done right, cybersecurity can increase productivity, enhance product integrity, and improve the customer’s experience. 

If you’d like to understand what a cybersecurity plan would look like for your business, contact us today for a free consultation. 

Automation:A Global and Influential Profession – Part 1

This is a paper I wrote for a presentation I just gave in Lima, Peru to a group of Automation Professionals sponsored by TECSUP. 

It is also my first blog update using the MS Word tool so the formatting is a little off.  More practice needed there.  One thing of note is that it killed all of my references which I have pasted at the bottom.




Automation as a profession has suffered from a long overdue lack of recognition. As our manufacturing plants continue their path to efficiency and productivity, automation will play an increasingly critical role. Fortunately, many things are converging to elevate the profession to the prominence it needs and deserves to be the player in shaping the factory of the future. This paper is a compilation of many sources of information and describes the many efforts underway to accomplish the important task of promoting the profession.


Disclaimer – Many portions of this paper are direct copies from other sources and the author has made every attempt to credit these sources. The author acknowledges that this paper is compilation of the information available. The reasoning for this copy is to maintain consistency of the message and acknowledge the great work that has gone on before this paper was written.


What Does It Mean to be a “Profession”?

Attempting to locate a precise definition of the word profession proves to be a challenge. However, a general consensus exists through several sources. A profession can be defined as an occupation that transforms itself through “the development of formal qualifications based upon education, apprenticeship, and examinations, the emergence of regulatory bodies with powers to admit and discipline members, and some degree of monopoly rights.” Another definition is “a calling requiring specialized knowledge and often long and intensive academic preparation: a principal calling, vocation, or employment: the whole body of persons engaged in a calling


For automation, it takes an expanded meaning still as the profession is so vast. It encompasses professionals from many different backgrounds, specialties, training, education, roles and experience. All of these careers are interwoven into the fabric of the automation profession.


Automation involves technicians, engineers, scientists and other professionals. These highly skilled individuals come from industry, academia, and government around the world. It is our job to bring them all together and advance the efforts in a collaborative and efficient way to benefit all mankind. It is our responsibility to provide good stewardship for the profession!


Why is Automation an Unknown Profession?

Why has such a critical occupation not been recognized and defined as a profession until recently? Unfortunately, most of the blame can be placed on those in the profession. As with most technical people, we struggle with clearly communicating to those other than our colleagues. We are too busy solving the problems in front of us to talk about them with others. When we do communicate about our profession, we tend to use a lot of acronyms and technical language that most people don’t understand. This is even true in our jobs when we are communicating with managers and peers. Many of us find it quite difficult to tell someone what we do for a living. And when we do describe it, people will tend to simplify it to something they can understand, like calling it “robotics”.


Another challenge comes from the fact that there are many specific subsets of automation, from technicians to researchers to sales. In many cases, these jobs look very different to the outsider but are actually all part of the same overall profession. In manufacturing, we don’t actually build the product but the plant could not produce the product without us. The term “manufacturing” is used in this paper in the broadest of meanings encompassing all industries (Process, Oil and Gas, Chemical, Food, Beverage, Pharmaceuticals, Batch, Continuous, Discrete, Robotics, etc). We operate in the background. In fact, nothing can be made in today’s global economy without some form of automation. Unfortunately, we still suffer from an identity crisis.


Combine these items with an inaccurate and negative perception of manufacturing being a dirty place to work with dead end careers, and the profession suffers another blow.


Further evidence of this occurred in the early 2000’s, when the International Society of Automation (ISA) conducted market research into the recognition of the automation profession. The findings were good and bad. The good message was that automation did not have a bad reputation. However, the bad message was that automation had no reputation. The overwhelming majority of the public does not know who we are and does not understand what we do.


As budgets tighten and staffs reduce, many firms are no longer able to train and mentor new workers in the ways of automation. They are no longer able to fund trips to conferences and supplier shows to learn new technologies and stay abreast of trends in the industry. The time commitment required of these folks to perform their primary jobs prevents them from being able to learn, volunteer in professional societies, network and and stay connected on their own.


Many issues converge to prevent the profession from becoming well known and a choice career for young people. Without the time to promote the profession individually, we all suffer as our workloads continue to get larger as our management does not understand the value we bring to bear. But we must not let the urgent continue to take priority over the important.


Defining the Automation Profession

ISA and the Automation Federation define automation as “the creation and application of technology to monitor and control the production and delivery of products and services.”

The automation profession includes “everyone involved in the creation and application of technology to monitor and control the production and delivery of products and services”; and the automation professional is “any individual involved in the creation and application of technology to monitor and control the production and delivery of products and services.”

Automation encompasses many vital elements, systems, and job functions. Automation provides benefits to virtually all of industry. Here are a few examples:

  • Manufacturing including food and pharmaceutical, chemical and petroleum, pulp and paper
  • Transportation including automotive, aerospace, and rail
  • Utilities including water and wastewater, oil and gas, electric power, and telecommunications
  • Defense including logistics, unmanned aircraft, communications, electronics, etc
  • Facility operations including security, environmental control, energy management, safety, and other building automation
  • And many others

Automation crosses all functions within industry from installation, integration, and maintenance to design, procurement, and management. Automation even reaches into the other functions such as health, safety, marketing, sales and more.

Automation involves a very broad range of technologies including instrumentation, control systems engineering, robotics and expert systems, telemetry and communications, electro-optics, Cybersecurity, process measurement and control, sensors, wireless applications, systems integration, test measurement, and many, many more.


A “Competency Model” is a formal federal document that clearly defines what a person needs to know and be able to do to perform well in an occupation—the knowledge, skills, and abilities required. Competency models are developed through research and industry validation; and, once completed, are promoted, maintained, and updated.


In 2009, the Automation Federation, in collaboration with the Employment and Training Administration (ETA) of the U.S. Department of Labor (DOL), completed the Automation Competency Model (the first produced by the DOL). Automation industry leaders and ETA staff worked together to develop this comprehensive competency model for careers in automation with the intent of aiding and increasing the number of individuals pursuing careers in this vital profession. In addition to the expertise contributed by industry leaders, A Guide to the Automation Body of Knowledge, 2nd Edition, Vernon L. Trevathan, editor, served as the basis for the technical competencies portions of the model. The model also incorporates all of the technical domains of a Certified Control Systems Technician® (CCST) and Certified Automation Professional® (CAP) as explained later in this paper.

Figure 1 – The Automation Competency Model


The model is a web-based, interactive tool describing the competencies required for a career in automation. The user should access the model online and take advantage of the tools built into it. If that is not feasible, one can download additional tools including a spreadsheet and a paper from the website that fully describes all of the pieces of the model. The following is an excerpt from that document.



The Automation Competency Model is depicted in a pyramid graphic with nine tiers. This shape illustrates how occupational and industry competencies build on a foundation of personal effectiveness, academic, and workplace competencies. Each tier is comprised of blocks representing the skills, knowledge, and abilities essential for successful performance in the industry or occupation represented by the model. At the base of the model, the competencies apply to a large number of occupations and industries. As a user moves up the model, the competencies become industry and occupation specific. However, the graphic is not intended to represent a sequence of competency attainment or suggest that certain competencies are of greater value or higher skill than others. The graphic is accompanied by a table which contains definitions and associated key behaviors for each competency block.



Tiers 1 through 3, called Foundation Competencies, form the foundation needed to be ready to enter the workplace.


Tier 1 – Personal Effectiveness Competencies are shown as hovering below the pyramid because they represent personal attributes or “soft skills” that may present some challenges to teach or assess. Essential for all life roles, personal effectiveness competencies generally are learned in the home or community and reinforced at school and in the workplace.


Tier 2 – Academic Competencies are critical competencies primarily learned in a school setting. They include cognitive functions and thinking styles, and are likely to apply to most industries and occupations.


Tier 3 – Workplace Competencies represent motives and traits, as well as interpersonal and self-management styles honed in the workplace. They generally are applicable to a large number of occupations and industries.


Tiers 4 and 5, called Industry Competencies, show competencies that are specific to the industry or industry sector. The cross-cutting industry-wide technical competencies make it possible to show career lattices within an industry wherein a worker can move easily across industry sub-sectors. As a result, this model supports the development of an agile workforce, rather than narrowly following a single occupational career ladder.


Tier 4 – Industry-Wide Technical Competencies represent the knowledge and skills that are common across the sectors within a broader industry. These technical competencies build on, but are more specific than, a competency represented on a lower tier.


Tier 5 – Industry-Sector Technical Competencies represent a sub-set of industry technical competencies that are specific to an industry sector, in this case Automation. Development of the technical competencies relied heavily on A Guide to the Automation Body of Knowledge, 2nd Edition, Vernon L. Trevathan, Editor.


Tiers 6 through 9 represent the specialization that occurs within specific occupations within an industry. Information on occupational competencies is available through O*NET OnLine


Sample job descriptions can also be found through the website which links the user back to the Automation Federation website. The following sample job descriptions are located there:


A three year update occurred in June, 2011 and the additional job description for Advanced Process Control Engineer was added. In order to maintain the model, a review is required every three years at a minimum. These reviews look at the current status of the profession and ensure the model fits. Where it is lacking, it is improved. Professionals from all over the automation profession are solicited for input such that a good cross section of knowledge is accounted for.


Why is the Automation Professional Important?

Think about the cell phone and computer you use every day to do your job. Think about the car you drive to take to work. Think about the food you eat; water you drink; clothes you wear; and appliances you use to store, prepare, and clean them. Think about the television you watch, video games you play, or music system you listen to. Think about the buildings you visit. Think about any modern convenience or necessity. Just about anything you can think of is the result of complex processes. Without talented individuals to design, build, improve, and maintain these processes, these technological advances would never have occurred and future innovations would be impossible. Without automation professionals, our world and our future would be very different. We are living in a world made up of a system of systems and the complexity is expected to change at an ever increasing pace. It is the automation professional that uniquely understands the interactions and inter-dynamics of such complex designs.

Automation professionals are responsible for solving complex problems in many vital aspects of industry and its processes. The work of automation professionals is critically important to the preservation of the health, safety, and welfare of the public and to the sustainability and enhancement of our quality of life.

The U.S. government, among many others, recognizes the unsung value of automation professionals. Support for the importance of automation to industry comes from the United States Senate Committee on Appropriations. On 30 June 2009, the committee submitted report language (including the excerpt shown below) to accompany the bill: H. R. 2847 (Commerce, Justice, Science and Related Agencies Appropriations Act, 2010) emphasizing the importance of automation to industry:

“Supporting the Nation’s manufacturers, especially small businesses, is critical to keeping America innovative in a global marketplace…MEP, NIST, and its partners are directed to consider the importance automation plays in accelerating and integrating manufacturing processes. The topic of automation cuts across all levels of industry, rather than serving as a stand-alone technology, and particularly affects the fields of control systems cyber security, industrial wireless sensors, systems interoperability, and other basic automation technologies necessary for the success of industrial enterprises. NIST is encouraged to consult and collaborate with independent experts in the field of automation to support the agency’s efforts in working with industry to increase innovation, trade, security, and jobs.”

Automation professionals do and will continue to play a crucial role in protecting us from cyber-attack; enhancing our quality of life; and ensuring the reliability, efficiency, safety, constant improvement, and competitiveness of our electric power systems, transportation systems, manufacturing operations, and industry as a whole. Without these individuals, we cannot advance into the future.


Whereas this effort has gained the most momentum in the US to date due to the locality of the volunteers driving the efforts, the groundwork established is quickly translating into accelerated work in other areas of the world. Recent meetings in Brussels, Belgium concluded with action plans in place to have the model adopted by the European Union. Brazil is looking at the model and the certifications to be a regulatory requirement for automation professionals.


Licensure and Certification of the Automation Professional

In 1992 in the US, the Control System Engineer® (CSE) was adopted as a Professional Engineering license. CSE’s now number in the 2000’s. A CSE understands the science of instrumentation and the automatic control of dynamic processes.


Introduced in 1995, the Certified Control Systems Technician® (CCST) works to provide a common level of skills and competency. Now in use globally by over 40 companies to validate personnel in the fundamental skills required to perform their jobs, the number of CCST’s worldwide is over 4000 while over 9000 have applied to take the exam. CCSTs are knowledgeable and skilled in pneumatic, mechanical, and electronic instrumentation. They understand process control loops, and process control systems including computer based systems.


In the 2000’s, long time automation professional Vernon Trevathan gathered a group of automation practitioners and developed A Guide to the Automation Body of Knowledge (AutoBOK). This book then served to foster a global certification launched in 2004 named the Certified Automation Professional® (CAP). CAPs are responsible for the direction, definition, design, development/application, deployment, documentation, and support of systems, software, and equipment used in control systems, manufacturing information systems, systems integration, and operational consulting. CAPs worldwide number in the 400’s and are growing.


Promoting the Automation Profession

In 2006, the Automation Federation was formed. The Automation Federation is a global non-profit umbrella organization under which member associations and societies engaged in manufacturing and process automation activities can work more effectively to fulfill their missions, advance the science and engineering of automation technologies and applications while developing the workforce needed to capitalize on the benefits of automation. The Automation Federation is the “Voice of Automation.”


The AF has worked diligently to increase the awareness of the automation profession with the public and government. Whereas the bulk of its work has taken place in the US, that work has established the framework for other governments which are now looking at and adopting the competency model and certifications. A large effort is now underway internationally to promote the profession. Work has begun in the EU, Canada, Brazil and India.


The AF and its members are working to increase the awareness of engineering and technical disciplines. We are working to promote Science, Technology, Engineering and Math (STEM) to young people in lower grades so they stay interested in these fields as they move into upper grades and into universities.


In addition to STEM, AF is working to change the perception of manufacturing being a dirty, unstable job. Our world economy cannot function if it does not make anything. Advanced Manufacturing is critical to economic stability and well paying jobs. And the key to manufacturing is automation.


What it Means to Automation Professionals

For all automation professionals, the advantage is huge. Manufacturing’s reliance on automation professionals will only increase. The profession of automation is expanding to include new industries such as Building Automation. The solutions to the world’s economic and environmental challenges will require involvement from automation.


By defining the profession through the Automation Competency Model, academia can use its resources to develop curriculum for certificate, 2 year technical and 4 year engineering degrees. As they will be based on the model, the users of these professionals can be guaranteed a high level of competency when hiring.


By having a profession defined, the quality of the professionals we must interact with increases and the quality and impact of the solutions developed will also increase. Some of the world’s toughest problems will be solved by automation professionals. With a profession, the ability to network and communicate with other peers becomes easier. Identifying technology trends and driving those trends to meet industry need becomes less challenging. Influencing manufacturing policy as it relates to safety, quality, productivity and technology becomes easier. More importantly, automation is invited to the table when important discussions take place. We become a legitimate force in the multidisciplinary engineering effort to solve the Grand Challenges of the world.


Automation will get involved much earlier in projects as it can single handedly impact the success or failure of a project more than any other discipline. Since automation is often seen as a solution where other efforts fail, it only makes sense that we get involved earlier in the project.


Our hope is that one day we will see Chief Automation Officers driving global automation initiatives within manufactures yielding the promised returns on investment. We will stop implementing technology for the sake of technology and as Peter Martin says in his book, Bottom Line Automation, we will start implementing technology for the bottom line. We will develop automatic processes instead of automating manual ones.


As our prominence elevates, the value of what we can do for our manufacturers will come to light. We will finally be recognized for producing the results automation promises.


When Will We Know We Have Been Successful

When a career in automation is a known and respected choice around the world, we will know we have arrived. At present, the great majority of automation professionals have accidentally found their way into this career. We no longer can afford to have Automation be known as the accidental profession or an outpost on the journey of life, it must become a destination pursuit that is pursued by many from a very young age. Practicing automation professionals must be recognized among the best and brightest minds from the scientific and engineering community. We must be seen as a peer group from the more established and traditional engineering fields.


Moving Forward

Moving the profession forward requires assistance from all automation professionals. We are gaining momentum at many levels of the government and in the public discourse. We need your help as we continue to promote the profession. We need regional contacts for government, academia, companies and others that can impact the profession. We need you to drive certification and the Automation Competency Model in your companies.


Most of all, we need you to be involved in building your profession. There are many ways to get involved. The International Society of Automation has Sections all over the world. If there is not one near you, think about starting one. Look at becoming certified and/or developing a training program. Mentor a group of young people. The opportunities are endless.


It is time we as automation professional become proud of our profession. We need to mentor young people to stay interested in math and science and look at becoming automation professionals. We need to tap our military veterans that have highly specialized training and can be easily redeployed into automation careers with a small amount of training. We need to stand up and be heard.


The task looks daunting but it must start somewhere. A small group of us started just a few years ago and we have accomplished a great deal. Just think of the possibilities when more people get involved.


Please join us!


Drop a line to [email protected]



Dean Ford, CAP


Dean’s 20+ year career has dealt with manufacturing and automation. He serves the automation industry in many capacities. He serves the 250 automation professionals of Glenmount Global Solutions as VP of Automation and Information Solutions. He is an active Senior Member in the International Society of Automation and serves on the ISA99, and ISA101 Standards Committees. He is active with Automation Federation. He actively mentors others in the profession and recently started an automation profession blog to continue promoting the profession online ( Dean is a 2010 Control Engineering Leaders Under 40. He is member of Project Management Institute’s Troubled Projects and Automation Communities.


[1] Alan Bullock & Stephen Trombley, The New Fontana Dictionary of Modern Thought, London: Harper-Collins, 1999, p.689


[1] Online edition of the Merriam-Webster dictionary


[1] Automation Federation website


[1] Automation Federation Press Release on the Automation Competency Model


[1] Automation Federation Press Release on the Automation Competency Model


[1] The model as it exists today at Career One Stop website


[1] Document of the Automation Competency Model found on the Career One Stop website Helpline (lower right hand side of the webpage)


[1] Automation Federation website


[1] ISA CSE website


[1] ISA CCST PowerPoint Overview Presentation found on ISA CCST website


[1] ISA CAP PowerPoint Presentation #1 found on ISA CAP website


[1] Automation Federation website


The ISA I Know by Nick Sands

As I was working to formulate some of the feelings I have about the only professional society that fits us, ISA, I thought back to a fantastic post by Nick Sands early this year.  Nick has been active in ISA for many years and is probably the most influential on me getting involved.  I found it an excellent read and very helpful in reminding us why we get involved in organizations such as ISA.

reprinted in its entirity with permission from Nick Sands.

Over the last 7 years I have had the opportunity to be a part of some very good things through ISA; the development of the Certified Automation Professional (CAP) program, the development of the ANSI/ISA-18.2 standard on the Management of Alarm Systems in the Process Industries, and the new Applications in Automation Conference, among others. These three activities exemplify some of the great parts of my ISA experience.  My conclusion: it really has been the case that the more you put in, the more you get out.

In the spring of 2003, in Memphis at my first ISA leaders meeting, I was looking for a program that we could use in my company to recognize process control competency. I talked with several leaders and was directed to Vernon Trevathan and Dale Lee. Vernon was pitching the Certified Automation Professional program to ISA leadership. We talked and later Vernon, an ISA Fellow and member of the Control magazine Control Hall of Fame, invited me to be a part of the CAP development team. There were many experienced professionals from many companies involved in meetings early in 2004. Many of us met again to write test questions for the exam, and still more met to assemble the exam from the questions. By the fall of 2004 there was a certification program for Automation Professionals, following the ANSI/ISO/IEC standard. Several of us from the development team became CAPs.

It was an impressive effort, funded by the new venture investment program at ISA. It took some time for the ideas to be formulated and reformulated, but with the incredible passion of Vernon, and the support of many ISA leaders, a new certification program was launched. Since that launch, the CAP program has steadily gained acceptance, albeit more slowly than hoped. Still the related training and books has are in high demand, so the evidence indicates a good level of interest.

I extracted some lessons from the experience, not necessarily new, but still lessons.

  • One person can make a difference. Without the passion and energy of Vernon Trevathan there would be no CAP program.
  • Together we are much smarter than we are alone. No one person had all the answers during the program development.
  • People don’t always want what they ask for. A survey showed 80% of respondents would be interested in getting CAP. The numbers show far fewer actually have applied.
  • Success (genius) is 99% perspiration and 1% inspiration. It takes work to make ideas reality. Without the work, the ideas mean nothing.

In the fall of 2003, at my second ISA leaders meeting, Vic Maggioli, then VP of the ISA Standards and Practices Department, asked me to get involved with the ISA-18 standard committee and help get a new standard written. At the short committee meeting we approved a scope and then went forth to built the team that could write the standard. It took 6 months to get much of the committee collected. It took almost 2 years to get the work processes down and the first real draft. It took another 2.5 years to get to the standard to the ballot stage and then another 6 months to work that process through to approval. In the end a committee ~90 people, with ~40 active members and ~25 voting members submitted and addressed ~8000 comments. Conservatively, it took over 10 person years to produce ANSI/ISA-18.2-2009 Management of Alarm Systems for the Process Industries. I think it will have a very positive impact on industry.

Co-chairing ISA-18 with Donald Dunn has been one of the greatest learning experiences of my life. Along the way I learned quite a bit about how alarms are used in different companies and industries, and how standards are written and edited, but mostly about how to work with people. Every person brought their own views and biases, including me. Some came with a bias that their view was always right. Then, we got to know each other and began to appreciate the views of others. That led to consensus, and in the end, to a standard. It is not perfect, but it is quite good I think.

Again I extracted some lessons from the experience.

  • A few people can make a difference. Without the passion and energy of the core group, there would be no ISA-18.2 standard.
  • Together we are much smarter than we are alone. No one person had all the answers during the standard development.
  • Success (genius) is 99% perspiration and 1% inspiration. It takes work to make ideas reality. Without the work, the ideas mean nothing.

Though I have had the opportunity to be part of many ISA teams that have completed many projects over those 7 years, the last example I wanted to share is one that has me excited today, the ISA Mid-Atlantic Applications in Automation conference ( ). The Applications in Automation conference is a small technical conference born of the desire for local talent to share their knowledge and experience with local people. This 3-day event in Wilmington, DE, March 23-25, features 2 days of training with a technical conference on the middle day. The conference committee consists of members of the local sections and requires no support from ISA headquarters. We are very optimistic about the conference.

Leading this team of exceptional volunteers has been very exciting. Each person brings their own talents. Together we are able to do things we could never do alone. All it took to get some of these talented people to join the effort was the opportunity. They wanted to be a part of something like this. They only needed the opportunity. And it is fun.

From this experience I have again extracted a few lessons.

  • A few people can make a difference. Without the passion and energy of the team, there would be no conference.
  • Together we are much smarter than we are alone. No one person had all the ideas for this conference.
  • Success (genius) is 99% perspiration and 1% inspiration. It takes work to make ideas reality. Without the work, the ideas mean nothing.

These experiences at ISA, among others, are why I continue to volunteer my own time. I have found it very rewarding personally. It seems to me that there are very few limits on what you can do if you really put the time into it and you get a few people to work with you. There are people willing to work with you. I have no bone to pick, no wrong to right, no point to make, only some experience to share, and a few lessons I seem to learn again and again.

Thanks Nick for your dedication and professionalism.  I look forward to many years of working with you in promoting our profession.


Automation Competency Model hits Primetime!!

The U.S. Department of Labor has just launched a case summary for the Automation Competency Model.  The Case summary appears on DOL’s CareerOneStop Site.

The Summary discusses how the Automation Competency Model is being put into action.  This Case Summary illustrates the commitment by DOL to keep the Automation Competency Model front and center to address the need to develop the “Next Generation of Automation Professionals” and to also show the strong partnership that has been forged between the DOL and AF.

Thank you Mike!!

See the note below from Mike Marlowe.  The article is important but I also want to introduce you to a very important person to our efforts.  For those of you that don’t know Mike, he is staff for the Automation Federation.  He has been crucial  in our efforts to build the profession.  Mike is very well connected in Washington DC and has been instrumental in getting our meetings set up with the ministry level folks in the US government and other international organizations.  We simply would not be as far as we are today with the efforts of Mike.

Good Morning and Afternoon,

The U.S. Department of Labor has just launched a case summary for the Automation Competency Model.  The Case summary appears on DOL’s CareerOneStop Site.

The Summary discusses how the Automation Competency Model is being put into action.  This Case Summary illustrates the commitment by DOL to keep the Automation Competency Model front and center to address the need to develop the “Next Generation of Automation Professionals” and to also show the strong partnership that has been forged between the DOL and AF.


The Automation Federation was started by the ISA as an organization of similar organizations.  The strategy is that together, we can accomplish more.  

The Automation Federation got off to a rocky start and quickly discovered that their strategies had to be redirected toward defining and championing our profession in an inclusive manner outside of ISA.  Unfortunately, there are still a few ISA volunteer leaders and others who either do not comprehend the value of the Automation Federation or have not taken the time and effort to understand what AF accomplishments mean to the profession and ISA itself.  Yes, the ISA is the only funding source right now but for the minimal budget that it has allocated, we are accomplishing great things.  The small band of active volunteers in the AF are doing all of their work without receiving funds from AF or ISA for travel unlike some other volunteer leaders in ISA. 

With a focused mission, AF is now a clear powerhouse in accomplishing what it is tasked to do. I personally find it satisfying that ISA sponsors this organization and that more leaders now understand the ramifications to the Society and to Automation with each successful AF initiative.  If the mission of the ISA is to represent its members, AF’s is to represent the automation profession where it is unrecognized for the vital key to manufacturing that it is enlisting the help of ISA and other like-minded organizations who are AF members.  Thankfully, recent ISA staff and volunteer leadership have diligently worked to make this reality.  I would like to ask you all to let your ISA leadership know that you support the work of the Automation Federation and the importance of CAP.

And, if you get a chance, send a thank you to Mike.