Dr. Zhijun (William) Zhang is the lead information security architect at The World Bank Group, where his team is responsible for security architecture design and assessment of all business solutions. William is a technology enthusiast and an active participant of the World Bank Group’s Innovation Lab activities, including many financial service use cases. Before joining the World Bank Group, William worked at The Vanguard Group, a large financial service organization in the US, in various capacities, including user experience design, emerging technology research, system architecture, and information security. William received his bachelor’s and master’s degrees in computer science from Peking University, and Ph.D. in computer science from the University of Maryland.
Session: The World Bank Group's Cloud Journey With DevSecOps
The World Bank Group started its journey into the cloud about three years ago. Adoption was quite slow initially but started to pick up in 2018. Recognizing that the traditional waterfall approach to application security would no longer align with the fast pace of application migration to the cloud, and subsequent application changes due to the elevated client expectations for the cloud, we started embedding security checks into the DevOps pipelines that were being established in the IT organization. Now we have mature security hooks for both the application pipeline and the infrastructure pipeline, and are working on integrating the two to further streamline the process. We are also making the pipeline as the security automation facility to enable the agile application delivery into the cloud. This enables us to greatly accelerate the application security process without degradation of our security posture.