Home » About Us

Our Business:

We are a small business with an enterprise-level background based in Frederick, Maryland. We are focused on identifying network and system security weaknesses.

Our main goal is simple:  to provide organizations with an understanding of their network’s potential issues. This, in turn, ensures that your unique system risks are identified and solutions are appropriately planned to provide an effective and prioritized set of actions.

We bring decades of enterprise-level experience and knowledge to our current small business clients. We are aware the smaller businesses will not have the funds of our previous government agency clients. Therefore, we do our best to offer our extensive experience at an affordable rate. Small businesses have the same needs as larger organization to access information and other organizations for business support. 

It is imperative that each business, regardless of their size, be able to protect their information systems. At Duffy Compliance Services, we understand you are not in the security business. We want you to be able to concentrate on what your business does. No one can remove every potential of a site compromise, but we can prepare your systems to reduce the risk of it happening and training your staff how to react if it does.

Our Experience:


  • IT Service Companies
  • Frederick Healthcare Providers  on DR / COOP planning
  • Financial Loan Office security architecture and compliance mandates


  • Large Professional Entertainment Organization
  • IT Service Companies
  • Commercial SaaS Web Applications
  • Insurance Companies
  • Trucking Supply Store
  • Electric Car Charging Provider


  • Risk and Compliance Audits
  • Compliance with CMMC
  • Compliance with HIPAA Security Rule
  • Compliance with Protecting DFAR / CUI
  • Compliance with Cybersecurity Framework (CSF)
  • Compliance with FISMA


Duffy Compliance Services President and CEO Shawn Duffy has been involved in the IT security industry since the moment he left college in 1992. In one of his first roles, he became the lead administrator in support of an environment containing 250 remote sites. He has worked with some of the very first firewall appliances and built some of the first Access Control Lists (ACLs) before many network devices even had the capability to use them.

Shawn Duffy has a proven track record with extensive experience in leading and supporting Information Assurance and System Security programs. His focus is network and information security in Maryland. He has experience in sales, security engineering, and as a contributor with large contractors, such as Northrop Grumman and General Dynamics, in risk and vulnerability management and government compliance.  Focus areas include: CMMC, DFARS/CUI, FISMA, Threat Management, and Vulnerability Assessments and Penetration Testing.

“I believe every business should be as knowledgeable about their systems as possible. Whether you are looking to validate the work of your IT staff or just looking to augment their capabilities, we want to be a part of your solution as trusted consultants. Risk is not about which products you choose to protect your network, it is about your resistance to exposure.” – Shawn Duffy, President, Duffy Compliance Services, LLC.

Shawn Duffy, President