Luís Ventura

Aug 22, 2024 • World Congress 2024

Answering the Million Dollar Question: Why did I Break Production?

How did a tiny performance lag uncover a massive security backdoor? Learn why human oversight remains your most critical defense against failure.

#1about 4 minutes

Understanding the complexity of modern software development

Modern software is complex due to large codebases, external dependencies, changing requirements, and distributed teams.

#2about 6 minutes

How human error and assumptions lead to outages

Real-world examples show how simple mistakes, phishing attacks, and incorrect assumptions can cause major system failures.

#3about 5 minutes

Managing infrastructure complexity and planning for scale

Over-provisioning, under-provisioning, and failing to anticipate user load can lead to costly outages and poor performance.

#4about 1 minute

How to anticipate future-proofing issues in code

The "Gangnam Style" integer overflow illustrates why developers must consider data type limits and long-term system behavior.

#5about 5 minutes

Finding leaked secrets with static analysis tools

A live demo shows how to use a tool like Trivy to automatically scan infrastructure-as-code files for exposed credentials.

#6about 4 minutes

Scanning for vulnerable dependencies and IaC misconfigurations

Tools like Trivy and Checkov can automatically scan package manifests and configuration files for known vulnerabilities and security issues.

#7about 2 minutes

Using linters to catch common code-level bugs

A demonstration of ESLint shows how linters can identify common programming mistakes like scope errors or missing break statements.

#8about 1 minute

Recognizing the limitations of automated security tools

Automated tools are helpful but cannot replace the critical thinking and context provided by manual code reviews and comprehensive testing.

#9about 1 minute

The critical role of human observation in security

The discovery of the XZ Utils backdoor highlights that human intuition and detailed investigation remain essential for finding sophisticated threats.

Eltemate
Amsterdam, Netherlands

Intermediate

Senior

TypeScript

Continuous Integration

Patronus Group
Berlin, Germany

Senior

Amazon Web Services (AWS)

Kotlin

SD Worx
Antwerp, Belgium

Senior

Kubernetes

Azure

From learning to earning

Jobs that call for the skills explored in this talk.

Confideck GmbH
Vienna, Austria

Remote

Intermediate

Senior

Node.js

MongoDB

TypeScript

Engineering Ltd

£44-72K

CSS

GIT

SASS

REST

+13

iO Associates

£40-60K

Java

Bash

Azure

DevOps

+15

Security Engineer - Product & Production Infrastructure

Wiz, Inc.

Senior

Azure

DevOps

Python

Terraform

Kubernetes

Breakthrough Talent
Municipality of Madrid, Spain

Remote

API

Azure

JMeter

Python

evodion evodion
Hamburg, Germany

Shell

DevOps

Gitlab

Docker

Ansible

Linux System Engineer - QA, Tooling, Automation

QA Ltd

Remote

C++

Linux

Python

Unit Testing

Lead devops engineer- atlassian tools & kubernetes (id:3172)

Gelderland Utrecht Overijssel Drenthe Zeeland Flevoland

Senior

JIRA

Linux

DevOps

Python

Bamboo

Thales

Scrum

DevOps

Confluence

Cisco networks

Microsoft Access

Understanding the complexity of modern software development

How human error and assumptions lead to outages

Managing infrastructure complexity and planning for scale

How to anticipate future-proofing issues in code

Finding leaked secrets with static analysis tools

Scanning for vulnerable dependencies and IaC misconfigurations

Using linters to catch common code-level bugs

Recognizing the limitations of automated security tools

The critical role of human observation in security

QA Automation Engineer

Tech Lead (m/f/x) - Berlin

Azure Tech Lead

Matching moments

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Balancing the trade-off between efficiency and resilience

What 2025 Taught Us: A Year-End Special with Hung Lee

Selecting strategic partners and essential event tools

Cat Herding with Lions and Tigers - Christian Heilmann

Increasing the value of talk recordings post-event

Cat Herding with Lions and Tigers - Christian Heilmann

Scripting presentations and demos in VS Code

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

How a broken frontend culture impacts the web

WeAreDevelopers LIVE – Frontend Inspirations, Web Standards and more

Featured Partners

Related Videos

I broke the production

Shipping Quality Software In Hostile Environments

From Monolith Tinkering to Modern Software Development

3 Key Steps for Optimizing DevOps Workflows

Real-World Security for Busy Developers

Supply Chain Security and the Real World: Lessons From Incidents

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?

101 Typical Security Pitfalls

Related Articles

From learning to earning

TypeScript Software Engineer (m/w/d)

DevOps Full Stack Software Engineer

DevSecOps Engineer (Erlang/Elixir)

Security Engineer - Product & Production Infrastructure

Senior Site Reliability Engineer

DevOps-Engineer

Linux System Engineer - QA, Tooling, Automation

Lead devops engineer- atlassian tools & kubernetes (id:3172)

DevOps Engineer Collaboration