Our Business:

We are a small business with an enterprise-level background based in Frederick, Maryland. We are focused on identifying network and system security weaknesses.

Our main goal is simple:  to provide organizations with an understanding of their network’s potential issues. This, in turn, ensures that your unique system risks are identified and solutions are appropriately planned to provide an effective and prioritized set of actions.

We bring decades of enterprise-level experience and knowledge to our current small business clients. We are aware the smaller businesses will not have the funds of our previous government agency clients. Therefore, we do our best to offer our extensive experience at an affordable rate. Small businesses have the same needs as larger organization to access information and other organizations for business support. 

It is imperative that each business, regardless of their size, be able to protect their information systems. At Duffy Compliance Services, we understand you are not in the security business. We want you to be able to concentrate on what your business does. No one can remove every potential of a site compromise, but we can prepare your systems to reduce the risk of it happening and training your staff how to react if it does.

Our Experience:


  • IT Service Companies
  • Healthcare Providers on DR / COOP planning
  • Financial Loan Office security architecture and compliance mandates


  • Large Professional Entertainment Organization
  • IT Service Companies
  • Commercial SaaS Web Applications
  • Insurance Companies
  • Trucking Supply Stores
  • Electric Car Charging Provider


  • Risk and Compliance Audits
  • Compliance with CMMC
  • Compliance with HIPAA Security Rule
  • Compliance with Protecting DFAR / CUI
  • Compliance with Cybersecurity Framework (CSF)
  • Compliance with FISMA


Shawn Duffy, CISSP


Duffy Compliance Services President and CEO Shawn Duffy has been involved in the IT security industry since the moment he left college in 1992. In one of his first roles, he became the lead administrator in support of an environment containing 250 remote sites. He has worked with some of the very first firewall appliances and built some of the first Access Control Lists (ACLs) before many network devices even had the capability to use them.

Shawn Duffy has a proven track record with extensive experience in leading and supporting Information Assurance and System Security programs. His focus is network and information security in Maryland. He has experience in sales, security engineering, and as a contributor with large contractors, such as Northrop Grumman and General Dynamics, in risk and vulnerability management and government compliance.  Focus areas include: CMMC, DFARS/CUI, FISMA, Threat Management, and Vulnerability Assessments and Penetration Testing.

“I believe every business should be as knowledgeable about their systems as possible. Whether you are looking to validate the work of your IT staff or just looking to augment their capabilities, we want to be a part of your solution as trusted consultants. Risk is not about which products you choose to protect your network, it is about your resistance to exposure.”

– Shawn Duffy, President, Duffy Compliance Services, LLC.

Our Team:

Dawn Michelle Shuler - Duffy Compliance Services

Dawn Shuler


Dawn Shuler is the Integrator for Duffy Compliance Services. (Integrator is akin to Chief Operating Officer and comes from the EOS – Entrepreneurial Operating System – made famous by Gino Wickman in his book Traction.) As Integrator, Dawn coordinates the three main areas of the business: Marketing & Sales, Operations, and Finance & Administration. She brings almost two decades of experience assisting, managing, and leading businesses, and she has a deep passion for systems and processes. She loves being creative, and she gets excited creating a spreadsheet or new system. Dawn lives in Maryland with her husband Mark and cat Kojo, and occasionally is visited by her two adult daughters. In her spare time, she hikes, quilts, and paints.

Rob "Deker" Dekelbaum - Duffy Compliance Services

Steve Medellin

Director of Client Services

Steve is our Director of Client Services at Duffy Compliance Services, bringing a wide array of skills and experiences. He is a seasoned ISO Auditor with over 25 years of experience in a variety of ISO/IEC Standards, conducting external and internal audits, strategic marketing, business development, sales, and program development/leadership efforts. Steve was also an integral part of the team who launched and grew the A2LA FedRAMP Accreditation program. At Duffy Compliance, he appreciates that the work we do has a positive impact on individuals and businesses by helping them protect what is important to them. In his spare time, Steve likes spending time with his family and enjoys mountain biking.

James Duffy - Duffy Compliance Services General Manager

James Duffy

Cybersecurity Consultant / General Manager

As General Manager, James is the glue that holds the various departments of Duffy Compliance together. He is responsible for project/finance tracking, documentation, and support for our CMMC PaaS solution. He’s been with Duffy Compliance since 2014, and graduated from UMBC in 2021 with a bachelor’s degree in Computer Science (Cybersecurity track) with a minor in mathematics. In his spare time, he likes to play videogames and hang out with friends, and every once in a while he composes electronic music.