Steel Root and C3 merge, supported by a substantial equity investment from M|C Partners


We are excited about the future of the new C3 – a service provider that is purpose-built to help the defense industrial base manage technology and security environments to meet CMMC requirements. This is a dynamic, fast growing market for a critical service. We’re thrilled to bring together two of the best teams in the industry and offer the DIB a comprehensive solution to deploy and manage compliant technology environments.

November 16, 2022

ARLINGTON, Virginia and SALEM, Massachusetts

Two IT and cybersecurity leaders that specialize in securing the nation’s Defense Industrial Base (DIB) announced their merger today, creating a CMMC-centric managed services company focused on meeting the needs of government contractors. C3 Integrated Solutions, a full-service IT provider specializing in cloud-based solutions including Microsoft 365 GCC High, and Steel Root, a cybersecurity services provider specializing in Cybersecurity Maturity Model Certification (CMMC) compliance, have merged to provide defense contractors end-to-end managed services that streamline the technical and administrative burden of regulatory compliance. Most urgently, this includes CMMC, a robust set of cybersecurity controls designed to protect Controlled Unclassified Information (CUI) on contractor networks.

The new company will operate under the C3 Integrated Solutions name and will offer comprehensive DIB solutions anchored around Steel Root’s CMMC-centric managed services platform. Marc Pantoni, formerly President of Thrive, joins as CEO of the combined entity, and new investment from M/C Partners will be used to extend service capabilities to serve the unique needs of the DIB.

C3 and Steel Root are first to provide an end-to-end CMMC solution, covering 100% of the tech requirements for Level 2.Tweet this

The DIB’s Urgent Need for End-to-End CMMC Solutions

The DIB’s 300k+ contractors face immediate pressure to meet CMMC requirements with CMMC expected to hit contracts in 2023. This pressure is magnified for small-to mid-sized contractors who may not have an experienced cybersecurity service provider that offers a holistic compliance solution which meets both technical and non-technical requirements.

Through this merger, Steel Root and C3 fill this market gap by offering a purpose-built solution designed to help government contractors accelerate their CMMC readiness and manage compliant environments. Defense contractors searching to find a single provider that can competently address their full range of CMMC requirements can rely on the newly combined company to:

  • Educate clients on CMMC requirements and their applicability to their environment
  • Deliver an end-to-end plan for meeting those requirements while minimizing business impact
  • Implement, manage, and update a CMMC-ready system that covers 100% of CMMC Level 2 technical requirements
  • Provide robust, assessment-ready documentation to prove compliance
  • Guide clients on non-technical CMMC requirements, such as the adoption and implementation of policies, processes, and other non-technical controls
  • Provide technical guidance on leveraging Microsoft cloud solutions for compliance

“Individually, both C3 and Steel Root have demonstrated a deep commitment to helping the Defense Industrial Base operate securely and meet critical compliance requirements,” said Travis Keller, Partner at M|C Partners. “That shared vision will enable them to capitalize on the urgent market need for trustworthy compliance partners by leveraging the strengths of both companies: Steel Root’s deep cybersecurity and compliance expertise and C3’s long history of delivering Microsoft-based IT services to government contractors. We are committed to supporting their growth as they protect our country’s sensitive information.”

A Unified Approach to CMMC Compliance

Steel Root’s CMMC solution, including its industry-leading CMMC Reference Architecture will be combined with the product portfolio of C3’s broader suite of IT services, including Microsoft GCC High. The company will also build off of C3’s pedigree as one of Microsoft’s original five AOS-G members to advance its existing GCC High implementation and guidance services, including offering compliance support for legacy environments.

“Our clients partner with Steel Root because we help them address CMMC comprehensively, and they value the certainty they get from our disciplined approach,” said Ryan Heidorn, chief technology officer of the new company. “What’s been missing from that focused approach, however, has been our ability to address the IT and security needs of the business holistically, to simplify licensing and support large-scale projects. We have long respected C3 as the go-to AOS-G partner for the defense community and a powerhouse in IT services. With this merger, we can not only meet our clients’ needs more broadly, but also reach more potential clients, including those that have traditionally shied away from an end-to-end CMMC solution.”

“We take pride in the trust our clients place in C3, and that trust is reflected in the long-term partnerships we’ve built with them,” added Bill Wootton, the company’s new chief revenue officer. “Government contractors rely on our ability to anticipate their needs and craft service offerings that meet them. We can tell that the demand for what Steel Root offers—a comprehensive CMMC solution built explicitly to meet contractual cybersecurity requirements—is growing exponentially. Together, we become the comprehensive DIB partner the industry has been needing.”

Managed Services Provider Leader Marc Pantoni Joins as CEO

Marc Pantoni has been appointed CEO of the combined entity. Formerly the president of Thrive, Pantoni is an accomplished MSP executive with a proven background in operations, compliance, service delivery, integration, and platform architecture. He brings extensive experience successfully scaling organizations to meet rapid growth objectives and was responsible for developing and executing Thrive’s corporate strategic initiatives, including the integration of all acquisitions.

He adds, “What’s exciting about the opportunity ahead is that we’re seeing the convergence of three critical conditions: urgency in the form of enforced regulatory pressures, the need for relevant technical and compliance expertise within our client base, and a vendor market filled with ineffective, incomplete solutions. We have an incredible opportunity to demonstrate leadership through the delivery and management of a CMMC-focused managed services platform that gives our clients the confidence to focus on running their businesses while relying on us to holistically address their compliance requirements.”

More information about the merger can be found on both companies’ blogs:

About M/C Partners

M/C Partners is a private equity firm focused on small and mid-size businesses in the digital infrastructure and technology services sectors. For more than three decades M/C Partners has invested $2.4 billion of capital in over 140 companies, leveraging its deep industry expertise to understand long-term secular trends and identify growth opportunities. The firm is currently investing its eighth fund, partnering with promising companies and leadership teams to support, scale, and improve operations and maximize value. For more information, visit

About C3 Integrated Solutions

C3 Integrated Solutions is dedicated to securing our nation’s military infrastructure by protecting the cyber resources of the Defense Industrial Base (DIB). As a leading provider of Microsoft 365 GCC High and Azure Government, and one of the original five Microsoft partners to provide GCC High, C3 specializes in helping their clients deploy and manage the technologies and services to meet NIST 800-171 and CMMC requirements.

C3 has been named to the Inc 5000 list of the fastest growing companies for three consecutive years. They have over ten years’ experience selling, deploying, and supporting Microsoft 365, including over 200 defense industry customers in GCC High. They are a CMMC Registered Provider Organization (RPO) and one of a handful of companies to successfully support the DIBCAC assessment of a C3PAO candidate. To learn more about C3, visit

About Steel Root

Steel Root accelerates CMMC compliance by implementing and managing a purpose-built cybersecurity solution designed for the U.S. Defense Industrial Base. Steel Root’s CMMC Reference Architecture brings together technology, processes, personalized guidance, and day-to-day management to ensure that government contractors of all sizes operate securely and can confidently meet CMMC requirements. Learn more about Steel Root cybersecurity and compliance offerings for federal contractors at

Contact: Danielle Dougan at 978-430-9680 pr


Cuba Burch Berner

Cuba Burch Berner is an Associate at M|C Partners, where he focuses on investment opportunities in digital infrastructure and technology services. Prior to joining the firm in 2022, Cuba was an Equity Research Associate at Citi covering infrastructure companies within the telecommunications industry, including data centers and wireless towers. He holds a B.S. in Mathematics with a specialization in Economics from the University of Chicago. Cuba currently lives in Boston’s West End and enjoys  a myriad of outdoor activities including running, swimming, hiking, and skiing.





Ascend Technologies
C3 Integrated Solutions


AccentHealth operates an out-of-home advertising network that reaches over 12,000 physician office waiting areas in the U.S. – JOHN WATKINS




James F. Wade

Jim Wade co-founded M/C Partners in 1986 with Dave Croll. He has been investing in communications and technology services since the advent of wireless and broadband, cornerstones of the firm’s sector focus. As Chairman, he manages the firm’s investment process, and continuously seeks out management teams, company prospects and financial resources to grow the portfolio. Jim’s successful track record includes MetroPCS (IPO), Lightower Holdings (acquired by Berkshire Partners), Cavalier Telephone (acquired by PAETEC), NuVox Communications (acquired by WindStream), Attenda (acquired by Darwin Private Equity), Melita (acquired by Apax Partners), PR Wireless (joint venture with Sprint affiliate in Puerto Rico), Thrive Networks (acquired/recapitalized by Court Square) and Involta (acquired by Carlyle Group). Today he serves as a director on the Board of Connectivity Wireless and has responsibility for Omega Wireless. Jim graduated from the University of Notre Dame a B.B.A in Finance and received an MBA from Harvard Business School. He lives outside Boston with his wife and four children. Jim was an avid boater and is now an average golfer.




Connectivity Wireless


Abhishek Rampuria

Abhishek (A.B.) is a Partner at M/C Partners, where he leads origination, deal diligence and portfolio company support for investments in a variety of communications and technology services segments. He currently serves on the Board of Ascend Technologies, Connectivity Wireless, Edafio Technology Partners, TowerCom and serves as a Board Observer for Thrive Networks. A.B. previously served as a Board Observer for Ensono (acquired by KKR) and QOS Networks (acquired by Zayo). Prior to joining M/C Partners in 2015, A.B. worked at Altman Solon (formerly Altman Vilandrie), a technology, media & telecommunications focused strategy consulting firm, where he completed projects for both operating companies and private equity investors. A.B. received a B.S. in Materials Science & Engineering from the Massachusetts Institute of Technology. He lives in Boston’s South End and outside of work, enjoys skiing, cycling, traveling and cheering on his home-town Patriots and Celtics.




Thrive Networks



Ascend Technologies
Connectivity Wireless
Edafio Technology Partners