Our Business:

Duffy Compliance is a Maryland-based consulting firm with an enterprise-level background, serving companies nationwide. We provide the guidance businesses need to get and stay compliant.

Our main goal is simple: to simplify your compliance process, safeguard your information systems, and help you achieve accreditation with as little stress on your part as possible.

We bring decades of enterprise-level experience and knowledge to our current clients, with several solutions to fit a multitude of different environments. We have been working with NIST 800-171 since its inception, and we do our best to offer our extensive experience at an affordable rate.

Our Experience:

  • Consulting:
      • Fractional Compliance Officer
      • IT Services Companies
      • DR / COOP planning
      • Financial Loan Office security architecture and compliance mandates
  • Assessments:
      • Large Professional Entertainment Organization
      • IT Service Companies
      • Commercial SaaS Web Applications
      • Insurance Companies
  • Compliance:
      • Compliance with FTC Safeguards Rule
      • Compliance with CMMC
      • Risk and Compliance Audits
      • Compliance with Protecting DFAR / CUI
      • Compliance with Cybersecurity Framework (CSF)
      • Compliance with FISMA


Shawn Duffy, President of Duffy Compliance

Shawn Duffy, CISSP


Duffy Compliance Services President and CEO Shawn Duffy has been involved in the IT security industry since the moment he left college in 1992. In one of his first roles, he became the lead administrator in support of an environment containing 250 remote sites. He has worked with early firewall appliances and built some of the first Access Control Lists (ACLs) before many network devices even had the capability to use them.

Shawn Duffy has a proven track record with extensive experience in leading and supporting Information Assurance and System Security programs. He has experience in sales, security engineering, and as a contributor with large contractors, such as Northrop Grumman and General Dynamics, as well as in risk and vulnerability management and government compliance.  Focus areas include: CMMC, DFARS/CUI, FISMA, Threat Management, Vulnerability, Assessments and Penetration Testing.

“I believe every business should be as knowledgeable about their systems as possible. Whether you are looking to validate the work of your IT staff or just looking to augment their capabilities, we want to be a part of your solution as trusted consultants. Risk is not about which products you choose to protect your network, it is about your resistance to exposure.”

– Shawn Duffy, President, Duffy Compliance Services, LLC.

Our Team:

Dawn Shuler


Dawn Shuler is the Integrator for Duffy Compliance Services. (Integrator is akin to Chief Operating Officer and comes from the EOS – Entrepreneurial Operating System – made famous by Gino Wickman in his book Traction.) As Integrator, Dawn coordinates the three main areas of the business: Marketing & Sales, Operations, and Finance & Administration. She brings more than two decades of experience assisting, managing, and leading businesses, and she has a deep passion for systems and processes. She loves being creative, and she gets excited creating a spreadsheet or new system. Dawn lives in Virginia with her husband Mark and cat Kojo, and occasionally is visited by her two adult daughters. In her spare time, she hikes, quilts, and paints.

Steve Medellin

Director of Client Services

Steve is our Director of Client Services at Duffy Compliance Services, bringing a wide array of skills and experiences. He is a seasoned ISO Auditor with over 25 years of experience in a variety of ISO/IEC Standards, conducting external and internal audits, strategic marketing, business development, sales, and program development/leadership efforts. Steve was also an integral part of the team who launched and grew the A2LA FedRAMP Accreditation program. At Duffy Compliance, he appreciates that the work we do has a positive impact on individuals and businesses by helping them protect what is important to them. In his spare time, Steve likes spending time with his family and enjoys mountain biking.

John Williams

Penetration Testing Manager

John Williams heads the penetration testing side of Duffy Compliance. With 14 years’ experience, he manages a team of pen testers who themselves have years of experience, along with CISSP certifications. John loves using data to make order out of chaos, and in his spare time, he rides motorcycles and plays golf.
