Gryphon Investors has acquired Fortreum in partnership with the founders of the cybersecurity services firm.
Fortreum provides cybersecurity services that help companies meet federal and commercial compliance standards. Its work spans regulatory audits, security advisory support, and technical testing, including penetration testing – where professionals simulate real-world cyberattacks on a company’s systems, applications, or networks – and continuous monitoring in real time or near-real time to detect security threats and performance issues.
A core service of the company is XRAMP, a software platform that supports ongoing compliance monitoring. Unlike traditional audits that happen at set intervals, XRAMP offers continuous validation, aiming to simplify how companies meet cybersecurity requirements.
Customers of Fortreum include cloud service providers, federal contractors, and other companies operating in regulated industries that must demonstrate consistent cybersecurity readiness. Fortreum was founded in 2020 and is headquartered near Washington DC in Lansdowne, Virginia.
Gryphon partnered with Fortreum’s founders on this transaction with the management team retaining a significant equity stake. James Leach, co-founder and chief executive officer, and Michael Carter, co-founder and president, will continue to lead the business in partnership with Gryphon.
“Fortreum perfectly matches with the core investment criteria of Gryphon’s technology solutions and services group (TSSG),” said Gabe Stephenson, a deal partner at Gryphon and the co-head of TSSG, and Clint Kadolph, a principal in TSSG, in a released statement. “The company is in a high-growth market with exciting secular tailwinds, is clearly an emerging market leader, provides customers with a compelling value proposition that translates to attractive economics, and has a backable team that shares an ambitious view of the future with us. We have been actively evaluating the cybersecurity space for the last several years and believe that Fortreum sits in the most attractive segment of cybersecurity.”
“We see a compelling opportunity to help scale a next-generation cybersecurity platform,” said Vikram Mahidhar, operating partner and TSSG co-head, and Pavan Arora, head of Gryphon’s AI team, in a released statement. “Combining Fortreum’s deep regulatory and technical expertise with Gryphon’s AI and automation capabilities will significantly enhance the value XRAMP delivers to clients and accelerate the build-out of the industry’s defining platform for modern compliance and continuous assurance.”
Gryphon is based in San Francisco and makes leveraged acquisitions and growth investments in middle-market companies. The firm invests from $50 million to $500 million of capital in companies with enterprise values ranging from $100 million to $600 million and EBITDA of up to $80 million. Sectors of interest include business services, consumer products and services, healthcare, industrial growth, and software.
AGC Partners was the financial advisor to Fortreum, and J.P. Morgan was the financial advisor to Gryphon.
