Luís Ventura

Answering the Million Dollar Question: Why did I Break Production?

How did a tiny performance lag uncover a massive security backdoor? Learn why human oversight remains your most critical defense against failure.

Answering the Million Dollar Question: Why did I Break Production?
#1about 4 minutes

Understanding the complexity of modern software development

Modern software is complex due to large codebases, external dependencies, changing requirements, and distributed teams.

#2about 6 minutes

How human error and assumptions lead to outages

Real-world examples show how simple mistakes, phishing attacks, and incorrect assumptions can cause major system failures.

#3about 5 minutes

Managing infrastructure complexity and planning for scale

Over-provisioning, under-provisioning, and failing to anticipate user load can lead to costly outages and poor performance.

#4about 1 minute

How to anticipate future-proofing issues in code

The "Gangnam Style" integer overflow illustrates why developers must consider data type limits and long-term system behavior.

#5about 5 minutes

Finding leaked secrets with static analysis tools

A live demo shows how to use a tool like Trivy to automatically scan infrastructure-as-code files for exposed credentials.

#6about 4 minutes

Scanning for vulnerable dependencies and IaC misconfigurations

Tools like Trivy and Checkov can automatically scan package manifests and configuration files for known vulnerabilities and security issues.

#7about 2 minutes

Using linters to catch common code-level bugs

A demonstration of ESLint shows how linters can identify common programming mistakes like scope errors or missing break statements.

#8about 1 minute

Recognizing the limitations of automated security tools

Automated tools are helpful but cannot replace the critical thinking and context provided by manual code reviews and comprehensive testing.

#9about 1 minute

The critical role of human observation in security

The discovery of the XZ Utils backdoor highlights that human intuition and detailed investigation remain essential for finding sophisticated threats.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Q&A on production code analysis and performance bottlenecks
07:45 MIN

Q&A on production code analysis and performance bottlenecks

Data Science on Software Data

Q&A on low-code, production readiness, and career
11:34 MIN

Q&A on low-code, production readiness, and career

Build Your Own Subscription-based Course Platform

Q&A on customer impact and worst production breaks
02:11 MIN

Q&A on customer impact and worst production breaks

I broke the production

A personal story of breaking production at scale
06:21 MIN

A personal story of breaking production at scale

I broke the production

Common security failures beyond individual coding errors
03:27 MIN

Common security failures beyond individual coding errors

Maturity assessment for technicians or how I learned to love OWASP SAMM

Q&A on policy culture, tooling, and security
22:06 MIN

Q&A on policy culture, tooling, and security

Policy as [versioned] code - you're doing it wrong

Q&A on shared systems and scaling productivity
05:52 MIN

Q&A on shared systems and scaling productivity

Forget Developer Platforms, Think Developer Productivity!

How engineers handle production errors and monitoring
01:40 MIN

How engineers handle production errors and monitoring

DevOps at Netflix

Featured Partners

Related Videos

See all videos
Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?
27:36

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?

Tino Sokic

I broke the production
26:18

I broke the production

Arto Liukkonen

Real-World Security for Busy Developers
29:50

Real-World Security for Busy Developers

Kevin Lewis

3 Key Steps for Optimizing DevOps Workflows
24:31

3 Key Steps for Optimizing DevOps Workflows

Daniel Tao

Shipping Quality Software In Hostile Environments
43:00

Shipping Quality Software In Hostile Environments

Luka Kladaric

From Monolith Tinkering to Modern Software Development
41:06

From Monolith Tinkering to Modern Software Development

Lars Gentsch

82 Bugs I Collected in a Year You Won’t Believe Made It to Production
31:54

82 Bugs I Collected in a Year You Won’t Believe Made It to Production

François Martin

Supply Chain Security and the Real World: Lessons From Incidents
24:47

Supply Chain Security and the Real World: Lessons From Incidents

Adrian Mouat

Related Articles

View all articles
Daniel Cranney
Dev Digest 214: Claude Is Leaking, GitHub Is Listening & Axios Hacked!
Inside last week’s Dev Digest 214 . 🕵️ Claude source code leaked, analysed and re-written in 2 days 🐙 GitHub auto-opts users into feeding their code to train their AI 🌐 Pretext shows how to show complex text rendering in the browser 🤖 How to securin...
Dev Digest 214: Claude Is Leaking, GitHub Is Listening & Axios Hacked!
Christina Schaireiter
Why Attend a Developer Event?
Modern software engineering moves too fast for documentation alone. Attending a world-class event is about shifting from tactical execution to strategic leadership. Skill Diversification: Break out of your specific tech stack to see how the industry...
Why Attend a Developer Event?

From learning to earning

Jobs that call for the skills explored in this talk.