Martin Stühmer

Who I Am

I’m Martin, CTO at Integrated Worlds GmbH in the Stuttgart region. I’ve been building .NET systems for nearly 20 years—since Framework 2.0 when SOAP was cutting-edge and ORMs were controversial.

Today I lead technology strategy for cloud-native solutions on Azure. Before this, I was Director Consulting Services at CGI, working with enterprise teams on architecture and transformation. I’m a Microsoft Certified Trainer and IHK-certified instructor, and I maintain several open-source NuGet packages.

What I Do

As CTO, I don’t just make decisions from a distance. I write code, review PRs, debug production issues, and mentor teams. Technology leadership means staying hands-on and feeling the consequences of your choices.

As a trainer and mentor, I focus on fundamentals that outlast framework hype. Static analyzers, testing strategies, performance patterns, maintainable architecture—the stuff that actually prevents production fires.

As an open-source maintainer, I publish packages that solve problems I’ve hit repeatedly in real systems. When strangers depend on your code, you write better tests and clearer docs.

What I’ve Learned

Almost two decades means I’ve made every mistake: over-engineered systems, bet on Silverlight and WCF (oops), built “flexible” architectures that were just complicated, shipped code I’m not proud of.

Here’s what stuck:

  • Quality isn’t optional – Analyzers catch bugs in milliseconds, tests prevent regressions, and both are faster than firefighting
  • Fundamentals outlast frameworks – Patterns and principles survive; specific tools don’t always
  • Context beats dogma – “Best practices” depend on your team, domain, and constraints
  • Evidence beats opinion – Measure, benchmark, validate before deciding
  • Pragmatism wins – Good-enough architecture that ships beats perfect architecture that doesn’t

What I Write About

I share perspectives from production systems and real teams. I’m skeptical of buzzword-driven development and allergic to cargo-cult practices. If a trend lacks substance or a pattern doesn’t hold up under pressure, I’ll say so.

This blog is for developers, solution architects and operators who maintain production systems and care about quality, not just shipping fast.

Published blogs

Purpose Limitation in API Design: Leaking Data You Shouldn't

Purpose Limitation in API Design: Leaking Data You Shouldn't

Most APIs expose personal data based on database entities, not caller needs. When a password reset endpoint returns a user’s full profile, purchase history, and marketing preferences, that’s purpose drift. This article shows how to restructure ASP.NET Core APIs around caller purposes using resource-based authorization, consent validation, and field-level access control.
"We Store Secrets in appsettings.json": A Horror Story in Five Acts

"We Store Secrets in appsettings.json": A Horror Story in Five Acts

Every Azure subscription I’ve worked with has the same problem: connection strings with embedded credentials in appsettings.json, Service Principal secrets checked into Git history, storage account keys hardcoded everywhere. The credential sprawl is real. These aren’t careless developers. These are smart people applying on-premises patterns where they don’t belong. Azure Managed Identity flips the model entirely. Instead of your application proving identity by presenting a secret, Azure proves identity on your application’s behalf through cryptographic attestation. No secrets in code. No credentials in configuration. No rotation ceremonies. The Azure SDK’s DefaultAzureCredential handles authentication automatically, working identically in local development and production. Combined with RBAC, you scope permissions to exactly what each application needs. Not Contributor-level access to the entire subscription. Just the specific operations on specific resources that the application actually requires. This article walks through credential anti-patterns I encounter constantly, then shows the correct implementation using Bicep and .NET’s DefaultAzureCredential. The migration path is pragmatic: within weeks, not months, you can have zero static credentials in your codebase.
247 Strangers Have Root Access to Your Production

247 Strangers Have Root Access to Your Production

Your organization has a thorough vendor approval process. Procurement forms. Security questionnaires. Legal reviews lasting months. Then your developers run npm install and pull 247 packages from strangers on the internet—and nobody blinks. That’s the supply chain security paradox most teams live with daily. This guide shows you how to implement Dependabot, dependency review, and SBOM generation as the defensive controls they should be—not as checkbox compliance theater.
"Just Delete the User": Famous Last Words Before the GDPR Audit

"Just Delete the User": Famous Last Words Before the GDPR Audit

Your PM thinks erasure is a quick database DELETE. Three weeks later, you’ve found user data in seventeen places: production DB, analytics warehouse, Redis cache, Elasticsearch, backup tapes, and that legacy system nobody dares touch. “Delete” actually means orchestrating coordinated erasure across distributed systems, maintaining audit trails, notifying third parties, and proving it worked. This guide shows the fatal patterns I’ve seen fail spectacularly, then walks through proper orchestration with Azure Durable Functions, soft-delete with anonymization, verification checks, and immutable audit logs.
Why Your Azure Portal Clicks Will Fail the Next Audit

Why Your Azure Portal Clicks Will Fail the Next Audit

Manual portal configuration creates audit nightmares. When auditors ask “Show me your change control process,” clicking through Azure Activity Logs won’t save you. Here’s how Bicep turns infrastructure into auditable code—where Git history becomes your compliance evidence and pull requests become your approval workflow.