Luís Ventura

Answering the Million Dollar Question: Why did I Break Production?

How did a tiny performance lag uncover a massive security backdoor? Learn why human oversight remains your most critical defense against failure.

Answering the Million Dollar Question: Why did I Break Production?
#1about 4 minutes

Understanding the complexity of modern software development

Modern software is complex due to large codebases, external dependencies, changing requirements, and distributed teams.

#2about 6 minutes

How human error and assumptions lead to outages

Real-world examples show how simple mistakes, phishing attacks, and incorrect assumptions can cause major system failures.

#3about 5 minutes

Managing infrastructure complexity and planning for scale

Over-provisioning, under-provisioning, and failing to anticipate user load can lead to costly outages and poor performance.

#4about 1 minute

How to anticipate future-proofing issues in code

The "Gangnam Style" integer overflow illustrates why developers must consider data type limits and long-term system behavior.

#5about 5 minutes

Finding leaked secrets with static analysis tools

A live demo shows how to use a tool like Trivy to automatically scan infrastructure-as-code files for exposed credentials.

#6about 4 minutes

Scanning for vulnerable dependencies and IaC misconfigurations

Tools like Trivy and Checkov can automatically scan package manifests and configuration files for known vulnerabilities and security issues.

#7about 2 minutes

Using linters to catch common code-level bugs

A demonstration of ESLint shows how linters can identify common programming mistakes like scope errors or missing break statements.

#8about 1 minute

Recognizing the limitations of automated security tools

Automated tools are helpful but cannot replace the critical thinking and context provided by manual code reviews and comprehensive testing.

#9about 1 minute

The critical role of human observation in security

The discovery of the XZ Utils backdoor highlights that human intuition and detailed investigation remain essential for finding sophisticated threats.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Q&A on customer impact and worst production breaks
24:07 MIN

Q&A on customer impact and worst production breaks

I broke the production

Q&A on production code analysis and performance bottlenecks
40:25 MIN

Q&A on production code analysis and performance bottlenecks

Data Science on Software Data

A personal story of breaking production at scale
00:48 MIN

A personal story of breaking production at scale

I broke the production

Q&A on shared systems and scaling productivity
51:53 MIN

Q&A on shared systems and scaling productivity

Forget Developer Platforms, Think Developer Productivity!

How engineers handle production errors and monitoring
29:58 MIN

How engineers handle production errors and monitoring

DevOps at Netflix

Securing applications in the production environment
25:59 MIN

Securing applications in the production environment

Securing Your Web Application Pipeline From Intruders

Q&A on speed, team adoption, and common mistakes
29:56 MIN

Q&A on speed, team adoption, and common mistakes

DevSecOps: Injecting Security into Mobile CI/CD Pipelines

Q&A on low-code, production readiness, and career
1:13:07 MIN

Q&A on low-code, production readiness, and career

Build Your Own Subscription-based Course Platform

Featured Partners

Related Videos

See all videos
I broke the production26:18

I broke the production

Arto Liukkonen

From Monolith Tinkering to Modern Software Development41:06

From Monolith Tinkering to Modern Software Development

Lars Gentsch

Shipping Quality Software In Hostile Environments 43:00

Shipping Quality Software In Hostile Environments

Luka Kladaric

3 Key Steps for Optimizing DevOps Workflows24:31

3 Key Steps for Optimizing DevOps Workflows

Daniel Tao

Real-World Security for Busy Developers29:50

Real-World Security for Busy Developers

Kevin Lewis

Supply Chain Security and the Real World: Lessons From Incidents24:47

Supply Chain Security and the Real World: Lessons From Incidents

Adrian Mouat

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?27:36

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?

Tino Sokic

101 Typical Security Pitfalls28:41

101 Typical Security Pitfalls

Alexander Pirker

Related Articles

View all articles
DC
Daniel Cranney
Dev Digest 194: AI vs. Version Control, Password Louvre & Cursed Webdev
Inside last week’s Dev Digest 194 . 🧠 Learn how to become an AI-native software engineer 🤷‍♂️ How can you stand out when anyone can build anything? 👂 Whisper Leak allows listening to encrypted chats 🐝 What’s new the OWASP2025 Top Ten List 🙅‍♀️ Curse...
Dev Digest 194: AI vs. Version Control, Password Louvre & Cursed Webdev
DC
Daniel Cranney
Dev Digest 188: CfP time, the risks of NPM and IKEA algorithms
Inside last week’s Dev Digest 188 . 🤖 GitHub Copilot CLI is now in public review 💻 Microsoft is bringing ‘vibe working’ to office apps 🎣 Attackers abuse AI tools to generate captchas in fishing attacks ⚠️ When LLMs autonomously attack 🧠 Common cause...
Dev Digest 188: CfP time, the risks of NPM and IKEA algorithms
CH
Chris Heilmann
WWC24 Talk - Brenda Romero - Stay: Surviving and Thriving in Tech
Brenda Romero discusses her tech career journey, overcoming burnout, and inspiring future game developers at WWC24.Here is what she had to say in the video:Hey everyone! Thanks for joining us!Reflections on a Rough YearLast year, I gave a talk about ...
WWC24 Talk - Brenda Romero - Stay: Surviving and Thriving in Tech
CH
Chris Heilmann
Dev Digest 110 - XY marks the spotty security
This time we give you a collection of links about the XZ backdoor, solve the last CODE100 puzzle, announce the next round of it, let you play with colours and explain why Lava lamps are great to keep the web secure.News and ArticlesThe big piece of n...
Dev Digest 110 - XY marks the spotty security

From learning to earning

Jobs that call for the skills explored in this talk.

DevOps Engineer

DevOps Engineer

Channable
Utrecht, Netherlands

Remote
4-6K
DNS
Azure
Linux
+8
Expert DevOps Engineer

Expert DevOps Engineer

Talent Insights
Municipality of Santiago de Compostela, Spain

Remote
Bash
Azure
DevOps
Python
+10
DevOps Engineer

DevOps Engineer

Yesterday By Lorien
Edinburgh, United Kingdom

GIT
DevOps
Python
Gitlab
Docker
+3
DevOps Engineer

DevOps Engineer

VIQU Ltd
Charing Cross, United Kingdom

£130-156K
Azure
DevOps
Terraform
Continuous Integration
DevOps Engineer

DevOps Engineer

VIQU Ltd
Southampton, United Kingdom

£130-156K
Azure
DevOps
Terraform
Continuous Integration