About Iron Compass
Founded on the belief that organizations need direction, not just documentation.
The Origin
Iron Compass started with a simple observation: most organizations don't fail compliance audits because they lack tools. They fail because they lack direction.
After years of working inside enterprises — building Azure environments, securing Microsoft 365 tenants, navigating HIPAA audits, and implementing NIST frameworks — we saw the same pattern repeat. Every organization has its own compliance terrain: different regulatory exposure, different technical debt, different risk appetite. But they were all getting the same off-the-shelf playbook.
The missing piece was never technology. It was a clear-eyed assessment of where they stood and a concrete plan for where they needed to go. A compass, not another product catalog.
We founded Iron Compass to be that independent voice — the advisor who starts with your compliance requirements, maps them to your real environment, and gives you a prioritized roadmap. No products to push. No managed services contract to upsell. Just honest assessment and expert guidance.
Why "Compass"?
A compass doesn't move you. It shows you which way to go. That's our role: we assess your current position, identify true north for your compliance goals, and give you the bearing.
The "Iron" represents durability and strength. Our assessments aren't checkbox exercises — they're built to withstand auditor scrutiny, board-level questions, and the evolving threat landscape.
Our Team
Two practitioners who chose advisory over everything else.
Joe Ristine
Co-Founder & Principal Consultant
Former Microsoft Cloud Solution Architect in the financial services industry — supporting F100 clients including Fidelity and Northern Trust — and former Principal Engineer at Navy Federal Credit Union, where he built the Cloud DevOps practice from scratch and led enterprise-scale Azure platform and security programs across two regions. Since 2023, his independent practice has delivered Azure security architecture and compliance readiness for regulated financial institutions, healthcare organizations, and GovCon environments on Azure Government GCC High — including identity hardening, privileged access management, and network security architecture for a major alternative investment firm, and cloud governance work at a $1.5B health system. Assessments map to HIPAA, NYDFS Part 500, GLBA, CMMC 2.0, and cyber insurance underwriting requirements, with findings structured for executive and board audiences. He holds Microsoft's three Expert-level certifications: Azure Solutions Architect Expert, DevOps Engineer Expert, and Cybersecurity Architect Expert.
Matt Bishop
Co-Founder & Principal Consultant
Dual Microsoft MVP (Developer Security + Enterprise Security). Currently Principal Architect at Bitwarden (10M+ users, SOC 2/ISO 27001). Co-founded iMobile3 (acquired by TSYS 2018). Led engineering through Olo IPO (NYSE 2021). AVP at Navy Federal Credit Union ($15MM P&L, 60+ engineers). Georgia Tech Trustee (2024-2027, $8MM annual budget). Matt translates dense framework requirements into executable programs that security teams can follow.
What Drives Us
Honesty over revenue
If you don't need a service, we'll tell you. Our reputation is worth more than any single engagement.
Alignment, not checklists
We don't just check boxes. We align your security controls, business processes, and compliance obligations so the whole system works without friction.
AI as accelerator
We use AI to do the tedious work faster — policy drafting, evidence collection, gap mapping — so our experts spend time on judgment, not formatting.
Let's find your bearing.
Start with a conversation. We'll listen, assess, and tell you honestly what we think.