Skip to content
ATO Pathways
  Log In

About ATO Pathways

ATO Pathways (formerly Complimony) is a database of security compliance assets and documents. Implement FedRAMP, FISMA, STIG, PCI-DSS, SOC2 or ISO27001 with ease.

ATO Pathways' ambition is to first become the Yelp® of Security Compliance. Then to become an instrumental toolkit for continuous ATO. In the current phase our focus is to build a knowledge system with a strong data model on top of SCAP and OSCAL standards. And present the existing policies in an easy and approachable manner to the end user.

About the Team

Šimon Lukašík

Šimon Lukašík is a consulting software engineer with a wide range of experience specialized in the SIP domains - Security, Infrastructure, Performance. Šimon has successfully executed numerous efforts in the domains relevant to ATO Pathways.

  • For over 4 years, Šimon has led the engineering team inside Red Hat's Product Technologies that implemented OpenSCAP scanner and many adjacent projects. Under his leadership OpenSCAP became the first open source scanner to receive NIST Validation. To this day OpenSCAP has protected dozens of millions of endpoints on the planet Earth and elsewhere. OpenSCAP remains to be highly regarded for its performance characteristics and strict adherence to NIST's SCAP standard.
  • During that time Šimon has become principal contributor to open source implementation of security policies (including ACSC, CIS, CJIS, C2S, DISA STIG, HIPAA, PCI-DSS and OSPP/CC) within SCAP Security Guide project that later became known as Compliance As Code.
  • Šimon has then integrated OpenSCAP security scanner with Red Hat Network Satellite 5.x as his Master's Thesis. This work has become highly regarded by customers as it allowed them to execute security audits of their environment without installing any additional auditing system.
  • Šimon co-authored a U.S. patent (US 2015/0067342A1) concerned with secure confinement of security scanners and remediation scripts.
  • In the early days of Docker, Šimon implemented the very first known container scanner.
  • Šimon has been principal advisor to the effort of Vratislav Podzimek who implemented OpenSCAP plug-in to the Anaconda Installer. Allowing fresh installation of Red Hat Enterprise Linux to first boot into a compliant state.
  • Similarly, Šimon has been principal advisor to the teams implementing OpenShift container and image scanning capabilities within Red Hat CloudForms product and Red Hat Insights service.
  • When Red Hat Network Satellite 5 was replatformed to version 6, Šimon was asked to integrate OpenSCAP scanner again with the new architecture. Part of this work was a project called SCAPtimony that served as a database of compliance assets. A spiritual predecessor of Complimony that later became ATO Pathways.
  • Šimon has been principal author of Red Hat OVAL Feed v2, a back office microservice, that composed vulnerability and errata information from various sources and published vulnerability feed for all (majority) of Red Hat products. These feeds have been used by customers often on a daily basis to assess vulnerability posture of their endpoints.
  • Later as a part of Red Hat's CTO office, Šimon had an opportunity to start GoComply projects that was first open source implementation of OSCAL and allowed (at the time) to convert OpenControls or OSCAL SSPs to Microsoft Word documents needed for ATO.
  • Principal author of Golie the first implementation of RFC 8322 a protocol for efficient exchange of compliance assets.
  • Principal author of OpenControl Database a web service to visualize NIST-800-53 controls and their profiles together with custom responses (SSPs). Added ability to track compliance progress over time and ability to print out into the OSCAL and MS Word documents needed for ATO. This system was later powering Red Hat's ATO Pathways site, until its sunset, and now it continues to run only in private deployments.
  • Šimon has served as Staff Cloud Solution Architect at CrowdStrike. Designing cloud reference architectures to protect workload in a manner compliant with FedRAMP.
  • Since 2007 Šimon has contributed to over hundred of opensource projects as documented on his github profile.
  • Lately, Šimon has been consulting with MissionIT and helping customers to achieve government readiness of their products. He is also principal architect of a private 5G network observability platform.

Get in touch through LinkedIn.