Steel for Pittsburgh. Patriot for Boston. Partners — because that's the only way we know how to work.
Steel Patriot Partners was built by people who had already been through it.
Before this company existed, the founders had spent careers deep inside the space — as contractors, as engineers, as operators building some of the first cloud environments to go through FedRAMP, as business owners who had personally navigated the compliance journey their clients now face. They didn't build this firm to sell compliance services from the outside. They built it because they knew what it looked like from the inside, and they believed that difference mattered.
It still does.
"Blue collar isn't transactional. You're with someone. You're with them to support them."
— Jason Ford, Co-Founder & CEOThat sequence is intentional. It means we start with your business — what it does, what's at risk, what a real solution looks like for your specific situation — before we talk frameworks. It means we go all the way down into the technical work, the infrastructure, the parts most firms hand off or leave alone. And it means the compliance layer reflects reality, not just paperwork.
Blue collar isn't a style. It's a commitment. You're not hiring us to check a box. You're bringing us in to actually solve something. That's how we show up.
The buyers we work with are done with vendor noise. They're done with firms that hand them a framework and call it consulting. What they trust is someone who's been through it — a business owner first, who knows what's actually at stake. That's why we built SPP the way we did. And it's why the conversations we have tend to turn into long relationships.
We don't disappear after we start.
Most compliance engagements follow a pattern: assess, deliver a report, hand it off. We're built differently. We stay in the program — through the build, through the operations, through the audits, through the moments when something breaks and needs to be fixed right.
Our five service areas — Program Assessment, Program Build, Program Operations, Program Engineering, and Executive Advisement — aren't products on a menu. They're the stages of a relationship. Most clients engage us at one point and stay through all of them.
That's not an accident. It's the model. Federal compliance doesn't end. Neither do we.
Our team is 100% US Citizens. In the federal compliance space — where access to sensitive infrastructure and government systems is routine — this isn't a differentiator we lead with. It's a baseline we hold without exception, because the work demands it and the clients we serve expect it.
100% US Citizens. Our entire team. Required, not incidental — because the work we do demands it.
Jason has been in this space since 1997, when he started as a contractor at the FBI. In 2004, he co-founded BlackMesh — one of the first cloud service providers to go through FedRAMP — and spent over a decade building it before exiting in 2017. After the acquisition, he stayed on as CISO and CTO, establishing FedRAMP governance across the combined organization before stepping away to build something new.
Steel Patriot Partners is that something new — built specifically to go after the work that others won't touch. Not just the compliance layer. The infrastructure. The vulnerabilities sitting in large environments that most firms walk past because they're afraid to break something. Jason's view has always been the opposite: go touch it, understand it, fix it properly.
His background in electrical engineering and federal compliance isn't incidental to how he runs this company. It's the whole point.
"We get things a lot of people won't even touch. Most people leave it sitting there because they're afraid. I want to go touch it, break something, and put it back together."
Amy's path into this space came through operations, not engineering — and that's exactly what makes her perspective indispensable. She spent years running IT teams that provided around-the-clock support for a FedRAMP cloud service provider, managing human resources, finance, and compliance programs simultaneously.
She built solutions for FedRAMP, PCI DSS, and HIPAA across multiple government agencies — not because she was handed the assignment, but because the work needed to get done and she was the one who made sure it did.
At SPP, Amy leads GRC services — FedRAMP, CMMC, HITRUST, SOC2, ISO27001, and more — and brings the same orientation she always has: understand the organization first, understand the risk second, build the program around both. She has never believed compliance exists for its own sake. It exists to protect something real.
"The goal is never the certification. The goal is what the certification makes possible for your business."
Michael brings over 20 years of experience across professional services, federal compliance, and cybersecurity certification. He's held senior roles at HITRUST, PwC, and Schellman — organizations at the center of how the compliance industry actually works — which means he understands the gap between what firms promise and what clients actually need.
At SPP, Michael leads growth — but his orientation is the same as the rest of the team: business owners first. He doesn't route people through sales cycles. He connects them directly to the right individuals, the right programs, and the right conversations. His network in the federal compliance space is deep, and he uses it to move fast.
Michael is Bay Area–based and is the face of SPP at industry events — including RSAC Conference, where he's known for the kind of direct, no-hype conversations that actually lead somewhere.
"We're business owners first, engineers second, compliance people third. That's not a tagline. That's the order of operations."
The ROI Workshop is the fastest way to find out where you stand and what it would actually take to move forward. Or just schedule a call. Either way, we pick up where the noise leaves off.
