Some of the best ideas come not from peace of mind—but from moments of chaos. As the head of Customer Experience at Liferay in Latin America, I lived through more than a few of those nights. 37 Audits was born out of exactly that: two high-stakes incidents that made me realize just how exposed we were when we operated reactively instead of proactively.
When a 59MB Video Took Down the Cluster
It started with a seemingly harmless publication: a client added a video to their homepage. Nothing unusual — except they uploaded the 59MB file directly into the CMS. No CDN, no lazy loading, no streaming. The result? The homepage was serving that video to every visitor straight from the app server.
Traffic spiked. Resources were drained. And within minutes, the entire cluster was brought to its knees. The homepage had effectively become a denial-of-service vector — completely unintentionally.
We spent hours triaging and troubleshooting until we figured out that the root cause was the video. But it stuck with me: this wasn’t a bug. It was a mix of knowledge gaps and the absence of safeguards that turned into major downtime.
A situation that could have been totally avoided became another fire-drill episode. That was the moment I realized: we didn’t have anything in place to proactively detect these kinds of issues.
The Night a CVE Blew Up on X.com
A few weeks later, I was getting ready to log off late at night when my phone buzzed. On the other end was someone from one of the largest oil companies in the world — and they weren’t calling to chat. They told me they were being exposed on X (formerly Twitter), right that second, because of a known CVE in the version of Liferay they were running.
And I had no idea it was coming.
From that moment on, we were in full damage control mode. I scrambled to get the infosec team involved, opened a Slack channel, and tried to contain the fallout. But the reality hit me: we were completely reactive. We found out only after the exposure happened. And that wasn’t a place I wanted to be again.
A few questions came to my sleepy brain:
Why didn’t we catch this before it exploded?
Why wasn’t this automatically flagged?
From Crisis Mode to Continuous Audits
Those two moments were turning points. I didn’t want to stay in a cycle of firefighting. I wanted a way to catch these issues before they caused outages, data leaks, or brand damage.
That’s when I started building small scripts to check my customers’ websites — scripts that eventually led to 37 Audits, a platform that continuously audits websites for:
🚨 Unoptimized resources
🔐 Outdated software versions
🔍 SEO issues
🛡️ Security header misconfigurations
⚙️ And much more...
What used to be late-night surprises are now proactive audits. And what used to keep me up at night now gets flagged, categorized, and resolved—before it ever hits production.