Our Business:

We are a small business with an enterprise-level background based in Frederick, Maryland. We are focused on identifying network and system security weaknesses.

Our main goal is simple:  to provide organizations with an understanding of their network’s potential issues. This, in turn, ensures that your unique system risks are identified and solutions are appropriately planned to provide an effective and prioritized set of actions.

We bring decades of enterprise-level experience and knowledge to our current small business clients. We are aware the smaller businesses will not have the funds of our previous government agency clients. Therefore, we do our best to offer our extensive experience at an affordable rate. Small businesses have the same needs as larger organization to access information and other organizations for business support. 

It is imperative that each business, regardless of their size, be able to protect their information systems. At Duffy Compliance Services, we understand you are not in the security business. We want you to be able to concentrate on what your business does. No one can remove every potential of a site compromise, but we can prepare your systems to reduce the risk of it happening and training your staff how to react if it does.

Our Experience:

Consulting:


  • IT Service Companies
  • Healthcare Providers on DR / COOP planning
  • Financial Loan Office security architecture and compliance mandates

Assessments:


  • Large Professional Entertainment Organization
  • IT Service Companies
  • Commercial SaaS Web Applications
  • Insurance Companies
  • Trucking Supply Stores
  • Electric Car Charging Provider

Compliance:


  • Risk and Compliance Audits
  • Compliance with CMMC
  • Compliance with HIPAA Security Rule
  • Compliance with Protecting DFAR / CUI
  • Compliance with Cybersecurity Framework (CSF)
  • Compliance with FISMA

Executives:

Shawn Duffy

President

Duffy Compliance Services President and CEO Shawn Duffy has been involved in the IT security industry since the moment he left college in 1992. In one of his first roles, he became the lead administrator in support of an environment containing 250 remote sites. He has worked with some of the very first firewall appliances and built some of the first Access Control Lists (ACLs) before many network devices even had the capability to use them.

Shawn Duffy has a proven track record with extensive experience in leading and supporting Information Assurance and System Security programs. His focus is network and information security in Maryland. He has experience in sales, security engineering, and as a contributor with large contractors, such as Northrop Grumman and General Dynamics, in risk and vulnerability management and government compliance.  Focus areas include: CMMC, DFARS/CUI, FISMA, Threat Management, and Vulnerability Assessments and Penetration Testing.

“I believe every business should be as knowledgeable about their systems as possible. Whether you are looking to validate the work of your IT staff or just looking to augment their capabilities, we want to be a part of your solution as trusted consultants. Risk is not about which products you choose to protect your network, it is about your resistance to exposure.”

– Shawn Duffy, President, Duffy Compliance Services, LLC.

Our Team:

Dawn Michelle Shuler - Duffy Compliance Services

Dawn Shuler

Integrator

Dawn Shuler is the Integrator for Duffy Compliance Services. (Integrator is akin to Chief Operating Officer and comes from the EOS – Entrepreneurial Operating System – made famous by Gino Wickman in his book Traction.) As Integrator, Dawn coordinates the three main areas of the business: Marketing & Sales, Operations, and Finance & Administration. She brings almost two decades of experience assisting, managing, and leading businesses, and she has a deep passion for systems and processes. She loves being creative, and she gets excited creating a spreadsheet or new system. Dawn lives in Maryland with her husband Mark and cat Kojo, and occasionally is visited by her two adult daughters. In her spare time, she hikes, quilts, and paints.

Rob "Deker" Dekelbaum - Duffy Compliance Services

Steve Medellin

Director of Client Services

Steve is our Director of Client Services at Duffy Compliance Services, bringing a wide array of skills and experiences. He is a seasoned ISO Auditor with over 25 years of experience in a variety of ISO/IEC Standards, conducting external and internal audits, strategic marketing, business development, sales, and program development/leadership efforts. Steve was also an integral part of the team who launched and grew the A2LA FedRAMP Accreditation program. At Duffy Compliance, he appreciates that the work we do has a positive impact on individuals and businesses by helping them protect what is important to them. In his spare time, Steve likes spending time with his family and enjoys mountain biking.

Troy Smith

Troy Smith

Senior Compliance Auditor

Troy Smith is a Senior Compliance Auditor at Duffy Compliance with over fifteen years of service supporting the Department of Defense, Department of Homeland Security, and Federal government customers in various fields of compliance, insider threats, computer forensics, intrusion analysis, computer incident response, cyber security training, and seizure of digital evidence. He is also a Certified Technical Trainer (CTT+) in computer incident response, computer forensics, and cyber security training. At Duffy Compliance, he enjoys helping our clients make informed decisions relating to cyber and digital security posture. In his spare time, Troy enjoys eating Maryland Blue Crabs, riding go-carts, attending high school and college sporting events, hiking, and laughing at nothing.

William Gafford - Duffy Compliance Services

William Gafford

Senior Compliance Auditor

William Gafford is a Senior Compliance Auditor for Duffy Compliance Services, leading compliance efforts for clients. William was a Staff Officer for the CIA for a decade where he designed, built, and deployed systems to meet ICD 503 standards. He also ran the NOC for the Office of Technical Collections for four years and was the Tactical Communications Specialist for Afghanistan for over one year. William lives in Winchester with his new wife and two kids. In his spare time, he likes to play with his kids, golf, and make his cars go faster.

James Duffy - Duffy Compliance Services General Manager

James Duffy

Cybersecurity Consultant / General Manager

As General Manager, James is the glue that holds the various departments of Duffy Compliance together. He is responsible for project/finance tracking, documentation, and support for our CMMC PaaS solution. He’s been with Duffy Compliance since 2014, and graduated from UMBC in 2021 with a bachelor’s degree in Computer Science (Cybersecurity track) with a minor in mathematics. In his spare time, he likes to play videogames and hang out with friends, and every once in a while he composes electronic music.

Rob "Deker" Dekelbaum - Duffy Compliance Services

Rob “Deker” Dekelbaum

Technical Lead

As Technical Lead at Duffy Compliance Services, Rob is responsible for technical remediation and integration for our clients. With 20+ years of experience in networking and security technology, he has functioned at all levels from phone support, administrator, developer, technical manager, and C-level technical advisor. When he’s not hacking all things digital, Deker hacks the physical world as a blacksmith, custom knifemaker, and amateur archaeometallurgist.