Luís Ventura

Answering the Million Dollar Question: Why did I Break Production?

How did a tiny performance lag uncover a massive security backdoor? Learn why human oversight remains your most critical defense against failure.

Answering the Million Dollar Question: Why did I Break Production?
#1about 4 minutes

Understanding the complexity of modern software development

Modern software is complex due to large codebases, external dependencies, changing requirements, and distributed teams.

#2about 6 minutes

How human error and assumptions lead to outages

Real-world examples show how simple mistakes, phishing attacks, and incorrect assumptions can cause major system failures.

#3about 5 minutes

Managing infrastructure complexity and planning for scale

Over-provisioning, under-provisioning, and failing to anticipate user load can lead to costly outages and poor performance.

#4about 1 minute

How to anticipate future-proofing issues in code

The "Gangnam Style" integer overflow illustrates why developers must consider data type limits and long-term system behavior.

#5about 5 minutes

Finding leaked secrets with static analysis tools

A live demo shows how to use a tool like Trivy to automatically scan infrastructure-as-code files for exposed credentials.

#6about 4 minutes

Scanning for vulnerable dependencies and IaC misconfigurations

Tools like Trivy and Checkov can automatically scan package manifests and configuration files for known vulnerabilities and security issues.

#7about 2 minutes

Using linters to catch common code-level bugs

A demonstration of ESLint shows how linters can identify common programming mistakes like scope errors or missing break statements.

#8about 1 minute

Recognizing the limitations of automated security tools

Automated tools are helpful but cannot replace the critical thinking and context provided by manual code reviews and comprehensive testing.

#9about 1 minute

The critical role of human observation in security

The discovery of the XZ Utils backdoor highlights that human intuition and detailed investigation remain essential for finding sophisticated threats.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Malware campaigns, cloud latency, and government IT theft
01:06 MIN

Malware campaigns, cloud latency, and government IT theft

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Crypto crime, EU regulation, and working while you sleep
01:15 MIN

Crypto crime, EU regulation, and working while you sleep

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Organizing a developer conference for 15,000 attendees
01:32 MIN

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

How AI-generated content is overwhelming open source maintainers
06:46 MIN

How AI-generated content is overwhelming open source maintainers

WeAreDevelopers LIVE – You Don’t Need JavaScript, Modern CSS and More

Prompt injection as an unsolved AI security problem
07:39 MIN

Prompt injection as an unsolved AI security problem

AI in the Open and in Browsers - Tarek Ziadé

Technical challenges of shipping a cross-platform browser
09:38 MIN

Technical challenges of shipping a cross-platform browser

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Featured Partners

Related Videos

See all videos
I broke the production26:18

I broke the production

Arto Liukkonen

Shipping Quality Software In Hostile Environments 43:00

Shipping Quality Software In Hostile Environments

Luka Kladaric

From Monolith Tinkering to Modern Software Development41:06

From Monolith Tinkering to Modern Software Development

Lars Gentsch

3 Key Steps for Optimizing DevOps Workflows24:31

3 Key Steps for Optimizing DevOps Workflows

Daniel Tao

Real-World Security for Busy Developers29:50

Real-World Security for Busy Developers

Kevin Lewis

Supply Chain Security and the Real World: Lessons From Incidents24:47

Supply Chain Security and the Real World: Lessons From Incidents

Adrian Mouat

The AI Agent Path to Prod: Building for Reliability30:48

The AI Agent Path to Prod: Building for Reliability

Max Tkacz

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?27:36

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?

Tino Sokic

Related Articles

View all articles

From learning to earning

Jobs that call for the skills explored in this talk.

DevOps Engineer

DevOps Engineer

Zenstack Software Testing Ltd
Charing Cross, United Kingdom

Remote
Bash
YAML
Azure
DevOps
+8
DevSecOps

DevSecOps

Xebia
Retortillo de Soria, Spain

GIT
Terraform
Continuous Integration
Amazon Web Services (AWS)
AWS DevOps Engineer

AWS DevOps Engineer

BRIO DIGITAL LTD
Leeds, United Kingdom

Remote
£130K
Python
Terraform
Kubernetes
+3