Our Business:

We are a small business with an enterprise-level background based in Frederick, Maryland. We are focused on identifying network and system security weaknesses.

Our main goal is simple:  to provide organizations with an understanding of their network’s potential issues. This, in turn, ensures that your unique system risks are identified and solutions are appropriately planned to provide an effective and prioritized set of actions.

We bring decades of enterprise-level experience and knowledge to our current small business clients. We are aware the smaller businesses will not have the funds of our previous government agency clients. Therefore, we do our best to offer our extensive experience at an affordable rate. Small businesses have the same needs as larger organization to access information and other organizations for business support. 

It is imperative that each business, regardless of their size, be able to protect their information systems. At Duffy Compliance Services, we understand you are not in the security business. We want you to be able to concentrate on what your business does. No one can remove every potential of a site compromise, but we can prepare your systems to reduce the risk of it happening and training your staff how to react if it does.

Our Experience:


  • IT Service Companies
  • Healthcare Providers on DR / COOP planning
  • Financial Loan Office security architecture and compliance mandates


  • Large Professional Entertainment Organization
  • IT Service Companies
  • Commercial SaaS Web Applications
  • Insurance Companies
  • Trucking Supply Stores
  • Electric Car Charging Provider


  • Risk and Compliance Audits
  • Compliance with CMMC
  • Compliance with HIPAA Security Rule
  • Compliance with Protecting DFAR / CUI
  • Compliance with Cybersecurity Framework (CSF)
  • Compliance with FISMA


Shawn Duffy


Duffy Compliance Services President and CEO Shawn Duffy has been involved in the IT security industry since the moment he left college in 1992. In one of his first roles, he became the lead administrator in support of an environment containing 250 remote sites. He has worked with some of the very first firewall appliances and built some of the first Access Control Lists (ACLs) before many network devices even had the capability to use them.

Shawn Duffy has a proven track record with extensive experience in leading and supporting Information Assurance and System Security programs. His focus is network and information security in Maryland. He has experience in sales, security engineering, and as a contributor with large contractors, such as Northrop Grumman and General Dynamics, in risk and vulnerability management and government compliance.  Focus areas include: CMMC, DFARS/CUI, FISMA, Threat Management, and Vulnerability Assessments and Penetration Testing.

“I believe every business should be as knowledgeable about their systems as possible. Whether you are looking to validate the work of your IT staff or just looking to augment their capabilities, we want to be a part of your solution as trusted consultants. Risk is not about which products you choose to protect your network, it is about your resistance to exposure.”

– Shawn Duffy, President, Duffy Compliance Services, LLC.

Our Team:

Dawn Michelle Shuler - Duffy Compliance Services

Dawn Shuler


Dawn Shuler is the Integrator for Duffy Compliance Services. (Integrator is akin to Chief Operating Officer and comes from the EOS – Entrepreneurial Operating System – made famous by Gino Wickman in his book Traction.) As Integrator, Dawn coordinates the three main areas of the business: Marketing & Sales, Operations, and Finance & Administration. She brings almost two decades of experience assisting, managing, and leading businesses, and she has a deep passion for systems and processes. She loves being creative, and she gets excited creating a spreadsheet or new system. Dawn lives in Maryland with her husband Mark and cat Kojo, and occasionally is visited by her two adult daughters. In her spare time, she hikes, quilts, and paints.

Rob "Deker" Dekelbaum - Duffy Compliance Services

Steve Medellin

Director of Client Services

Steve is our Director of Client Services at Duffy Compliance Services, bringing a wide array of skills and experiences. He is a seasoned ISO Auditor with over 25 years of experience in a variety of ISO/IEC Standards, conducting external and internal audits, strategic marketing, business development, sales, and program development/leadership efforts. Steve was also an integral part of the team who launched and grew the A2LA FedRAMP Accreditation program. At Duffy Compliance, he appreciates that the work we do has a positive impact on individuals and businesses by helping them protect what is important to them. In his spare time, Steve likes spending time with his family and enjoys mountain biking.

William Gafford - Duffy Compliance Services

William Gafford

Senior Compliance Auditor

William Gafford is the Chief Technical Officer for Duffy Compliance Services, driving compliance efforts for clients and creating a quality product base for our auditors to work with. William was a Staff Officer for the CIA for a decade where he designed, built, and deployed systems to meet ICD 503 standards. He also ran the NOC for the Office of Technical Collections for four years and was the Tactical Communications Specialist for Afghanistan for over one year. William lives in Winchester with his new wife and two kids. In his spare time, he likes to play with his kids, golf, and make his cars go faster.

Taylor Marrion

Taylor Marrion

Penetration Tester

Taylor Marrion is a Penetration Tester for Duffy Compliance, and he brings over a decade of experience in IT and over two years’ experience in cyber operations. Using his experience and certifications like CompTIA Sec+, CySA+, GIAC GSEC, Taylor enjoys being able to approach a system from multiple perspectives, finding out what rules are in place, and figuring out how he can get around them. He lives in Virginia with his wife Jennifer, their dog Leia, and their cat Princess Fluffy-Butt. When he’s not behind a keyboard, he plays Dungeons and Dragons, which is a great way to practice thinking creatively and improve problem-solving skills.

Thomas Smithey - Duffy Compliance Services

Thomas Smithey

Senior Compliance Auditor

Thomas Smithey is one of our Senior Compliance Auditors at Duffy Compliance Services. As a subject matter expert and trusted advisor, Thomas provides professional consulting services for cybersecurity compliance, with NIST, DFARS, CUI, CMMC, GLBA, FISMA, and other security regulations. Thomas brings over 25 years of experience delivering secure voice, data, mobile, cloud, and network information technology systems and infrastructure for enterprise, government, defense, and Internet service provider communications networks.

James Duffy - Duffy Compliance Services General Manager

James Duffy

General Manager

As General Manager, James is the glue that holds the various departments of Duffy Compliance together. He is responsible for project/finance tracking, documentation, and CUI-SafeHarbor onboarding and support. He’s been with Duffy Compliance since 2014, and he will graduate in May with a bachelor’s degree in Computer Science (Cybersecurity track) with a minor in mathematics from UMBC. In his spare time, he like to play videogames and hang out with friends, and every once in a while he composes electronic music.

Rob "Deker" Dekelbaum - Duffy Compliance Services

Rob “Deker” Dekelbaum

Technical Lead

As Technical Lead at Duffy Compliance Services, Rob is responsible for technical remediation and integration for our clients. With 20+ years of experience in networking and security technology, he has functioned at all levels from phone support, administrator, developer, technical manager, and C-level technical advisor. When he’s not hacking all things digital, Deker hacks the physical world as a blacksmith, custom knifemaker, and amateur archaeometallurgist.