Cybersecurity Architect and Cloud Security Leader
Resume:
ATABONG BRANDON FORCHA
Boston, MA, *************@*****.*** 240-***-**** linkedin.com/in/atabong-forcha
SUMMARY
Cybersecurity Architect and Senior Cloud Security Engineer with 10+ years securing DoD and enterprise systems across AWS, GCP and Azure. Expert in Zero Trust, RMF (NIST 800-53), and DevSecOps, delivering measurable risk reduction. Aligned with ISC2 CISSP domains, with strong expertise in IAM, SIEM, and cloud security architecture.
CLEARANCE: Active DoD TS/SCI (LOJ – eligible for immediate re-sponsorship)
EXPERIENCE
Cybersecurity Architect
Hanscom Air Force Base (Millennium Corporation) October 2023 - December 2025, Bedford, MA
•Led full Risk Management Framework (RMF) lifecycle across 5+ DoD systems using eMASS, achieving 100% ATO readiness and eliminating compliance gaps.
•Architected Zero Trust and enterprise security architecture aligned with NIST 800-53, reducing lateral movement risk by 30% and improving accreditation timelines.
•Integrated AWS-native security services (CloudTrail, GuardDuty, CloudWatch) with SIEM, improving threat detection and reducing response time by 30%.
•Directed IAM governance and vulnerability management across 500+ endpoints, reducing unauthorized access by 30% and accelerating remediation by 40%.
•Automated security controls and led SCAs/remediation efforts, reducing control deficiencies by up to 50% while advising leadership on risk and security strategy.
•Defined and executed enterprise security roadmap aligned with Zero Trust and RMF, improving risk visibility and accelerating system accreditation.
Cloud Security Architect
SAP SE (Tata Consultancy Services) July 2021 - October 2023, Boston, MA
•Architected multi-cloud security solutions (AWS, Azure, GCP) supporting 20+ production workloads, embedding security into scalable architectures.
•Designed IAM governance and encryption strategies (AWS KMS, Azure Key Vault), reducing unauthorized access and data exposure risk by 40% across 70+ workloads.
•Built Terraform-based IaC frameworks and integrated DevSecOps into CI/CD pipelines, reducing configuration errors by 30%.
•Engineered automated vulnerability management and compliance monitoring (Security Hub, Defender, GCP SCC), improving detection accuracy by 30% and response time by 25%, while defining cloud security reference architectures and governance frameworks aligned with Zero Trust.
Senior Cybersecurity Analyst & Subject Matter Expert (SME)
Manulife Financial Corporation (Cognizant) January 2010 - July 2021, Boston, MA
•Directed enterprise SIEM architecture and security operations (Splunk, QRadar), analyzing 100M+ events/day, improving threat detection by 35% and reducing investigation time by 28%.
•Led enterprise vulnerability management across 4,000+ endpoints, achieving 97% patch compliance and significantly strengthening security posture.
•Architected secure SOC and network frameworks (automated runbooks, threat hunting), improving audit compliance by 30% and operational scalability.
•Redesigned incident response processes, reducing escalation time by 42%, and served as SME advising leadership on threat mitigation, SIEM optimization, and compliance strategy.
EDUCATION
Master of Science (M.Sc.), Cybersecurity Technology
University of Maryland Global Campus
Bachelor of Science (B.Sc.), Geology
University of Dschang
CERTIFICATIONS
CISSP - Certified Information Systems Security Professional (In progress, by 4/18/2026)
CISM – Certified Information Security Manager
AWS Certified Solutions Architect – Associate
CompTIA Security+
CEH – Certified Ethical Hacker
Certified Linux Systems Administrator
SKILLS
Security & Risk Management: NIST RMF, NIST 800-53, FedRAMP, Risk Assessment, Governance, ATO/cATO
Asset Security: Data Classification, Data Protection, Encryption (AES-256), Data Lifecycle Management
Security Architecture & Engineering: Zero Trust Architecture, Cloud Security (AWS/Azure), Secure System Design
Communication & Network Security: VPC Design, Network Segmentation, Firewalls, VPN, IDS/IPS
Identity & Access Management (IAM): RBAC, MFA, PAM, SSO, AWS IAM, Azure Entra ID
Security Assessment & Testing: Vulnerability Management (ACAS, Nessus), STIGs, SCAP, Pen Testing Support
Security Operations: SIEM (Splunk, QRadar), Incident Response, Threat Hunting, SOC Operations
Software Development Security: DevSecOps, CI/CD Security, SAST/DAST, Secure Code Reviews
Tools and Technologies: AWS (CloudTrail, GuardDuty, Security Hub, Config); Azure (Defender, Entra ID, Key Vault); GCP (Security Command Center); Splunk, IBM QRadar, Microsoft Sentinel, Terraform, GitHub Actions, SonarQube; eMASS, STIG Viewer, ACAS, Nessus.
Contact this candidate