Martin Stühmer

Who I Am

I’m Martin, CTO at Integrated Worlds GmbH in the Stuttgart region. I’ve been building .NET systems for nearly 20 years — since Framework 2.0, when SOAP was cutting-edge and ORMs were controversial.

Today I lead technology strategy for cloud-native solutions on Azure. Before this, I was Director of Consulting Services at CGI, working with enterprise teams on architecture and digital transformation across multiple industries.

Credentials and recognition:

Areas of Expertise

Nearly two decades of production work has concentrated into a few areas where I have both depth and strong opinions:

Modern .NET and C# — From the framework era through .NET 10. Performance engineering, source generators, Roslyn analyzers, testing strategies, static analysis, and the long arc of what actually improved versus what just changed.

Cloud-native architecture on Azure — Azure Kubernetes Service (AKS) at scale, multi-cluster networking, zero-downtime upgrades, cost governance, observability, and the gap between what Azure can do and what makes sense to use.

DevOps and supply-chain security — GitHub Actions, dependency management, container security, infrastructure-as-code compliance with Bicep, and the organisational practices that make automated pipelines trustworthy.

Application security and privacy — Secrets management with Azure Key Vault, managed identities, content exclusions in AI coding tools, data minimisation patterns, GDPR-relevant implementation in .NET and ASP.NET Core.

Engineering culture and pragmatism — What AI coding assistants actually change about software quality, how to introduce static analysis without breaking teams, and when “best practices” are cargo-cult repetition versus earned principle.

What I Do

As CTO, I don’t just make decisions from a distance. I write code, review PRs, debug production issues, and mentor teams. Technology leadership means staying hands-on and feeling the consequences of your choices.

As a trainer and mentor, I focus on fundamentals that outlast framework hype. Static analyzers, testing strategies, performance patterns, maintainable architecture — the stuff that actually prevents production fires.

As an open-source maintainer, I publish packages that solve problems I’ve hit repeatedly in real systems. When strangers depend on your code, you write better tests and clearer docs.

What I’ve Learned

Almost two decades means I’ve made every mistake: over-engineered systems, bet on Silverlight and WCF (oops), built “flexible” architectures that were just complicated, shipped code I’m not proud of.

Here’s what stuck:

  • Quality isn’t optional – Analyzers catch bugs in milliseconds, tests prevent regressions, and both are faster than firefighting
  • Fundamentals outlast frameworks – Patterns and principles survive; specific tools don’t always
  • Context beats dogma – “Best practices” depend on your team, domain, and constraints
  • Evidence beats opinion – Measure, benchmark, validate before deciding
  • Pragmatism wins – Good-enough architecture that ships beats perfect architecture that doesn’t

What I Write About

I share perspectives from production systems and real teams — not tutorials recycled from documentation. Topics I cover regularly:

  • .NET and C#: performance, source generators, analyzers, testing, language evolution
  • Azure and AKS: architecture decisions, networking, scaling, cost, security posture
  • DevOps: GitHub Actions, dependency security, CI/CD pipeline design, supply-chain risk
  • Application security and GDPR: secrets handling, access control, data minimisation, audit logging
  • AI coding tools: what Copilot, Claude Code, and similar tools actually change (and what they don’t)
  • Engineering culture: technical debt, code quality, the economics of shortcuts

I’m skeptical of buzzword-driven development and allergic to cargo-cult practices. If a trend lacks substance or a pattern doesn’t hold up under pressure, I’ll say so. The articles are written for developers, solution architects, and operators who maintain production systems and care about quality, not just shipping fast.

Published blogs

Security Cosplay: Your Password-Only Admin Panel Isn't Fooling Anyone

Username and password for admin access? That’s not security, that’s security cosplay. You’re wearing the costume without any of the actual protection. One leaked credential and attackers walk right through your front door. Azure AD B2C with conditional MFA ends the costume party: risk-based authentication that only challenges when it matters. View a dashboard? Password’s fine. Delete production data? Prove you’re really you.

Who Ran That Migration?

Three hours into a production incident, someone asks the obvious question. Silence. The terminal closed, the build log expired last week, and your migration tool printed “Success” before forgetting everything. This scenario repeats constantly: privileged CLI operations that modify production systems, then vanish without a trace. The fix requires discipline, not genius: structured logging, user identity tracking, and persistent storage.
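The three fixes the teaser names (structured logging, operator identity, a durable sink) fit in a small wrapper around whatever actually applies the migration. The following is an added example, not code from the article or its author: MigrationRunner, MigrationAudit and the sample migration name are invented, and the JSON console logger stands in for the persistent sink (Application Insights, a log table) a real team would forward to. It assumes the Microsoft.Extensions.Logging.Console package; GITHUB_ACTOR is the real variable GitHub Actions sets for the triggering user.

```csharp
// Added example, not the article's own code. The console sink stands in for
// a durable one; MigrationRunner and the migration names are invented.
using System;
using System.Diagnostics;
using Microsoft.Extensions.Logging;

public sealed record MigrationAudit(
    string Migration,
    string Operator,          // who: CI actor or interactive OS user
    string Host,              // where it ran from
    string Target,            // what it changed (a name, never the connection string)
    string CorrelationId,     // ties every line of one run together
    DateTimeOffset StartedAt);

public static class MigrationRunner
{
    // Prefer the CI identity when present (GitHub Actions sets GITHUB_ACTOR),
    // otherwise fall back to the interactive user. Either way "who ran it?"
    // is answered before anything is executed, not reconstructed afterwards.
    public static string ResolveOperator() =>
        Environment.GetEnvironmentVariable("GITHUB_ACTOR")
        ?? $"{Environment.UserDomainName}\\{Environment.UserName}";

    public static bool Run(ILogger logger, string migration, string targetDb, Func<bool> apply)
    {
        var audit = new MigrationAudit(
            migration,
            ResolveOperator(),
            Environment.MachineName,
            targetDb,
            Guid.NewGuid().ToString("N"),
            DateTimeOffset.UtcNow);

        // Structured fields, not string concatenation: each property becomes a
        // queryable column in the sink instead of text to regex later.
        using var scope = logger.BeginScope("{CorrelationId}", audit.CorrelationId);
        logger.LogInformation(
            "Migration {Migration} started by {Operator} from {Host} against {Target} at {StartedAt}",
            audit.Migration, audit.Operator, audit.Host, audit.Target, audit.StartedAt);

        var sw = Stopwatch.StartNew();
        try
        {
            bool ok = apply();
            logger.LogInformation(
                "Migration {Migration} {Outcome} after {ElapsedMs} ms",
                audit.Migration, ok ? "succeeded" : "failed", sw.ElapsedMilliseconds);
            return ok;
        }
        catch (Exception ex)
        {
            // Same correlation id as the start line, so the incident channel
            // finds both even after the terminal that ran it is long gone.
            logger.LogError(ex, "Migration {Migration} threw after {ElapsedMs} ms",
                audit.Migration, sw.ElapsedMilliseconds);
            throw;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // IncludeScopes makes the correlation id appear on every emitted line.
        using ILoggerFactory factory = LoggerFactory.Create(b => b.AddJsonConsole(o => o.IncludeScopes = true));
        ILogger logger = factory.CreateLogger("migrate");

        // Constructed sample run; the delegate stands in for the real migration.
        MigrationRunner.Run(logger, "20240101_AddOrderIndex", "orders-db (production)", () => true);
    }
}
```

The point is that the start line is written before apply() runs: a migration that crashes half-way still leaves a record of who started it, from where, and against what. Swap AddJsonConsole for the sink your incident responders can actually query next week.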

Purpose Limitation in API Design: Leaking Data You Shouldn't

Most APIs expose personal data based on database entities, not caller needs. When a password reset endpoint returns a user’s full profile, purchase history, and marketing preferences, that’s purpose drift. This article shows how to restructure ASP.NET Core APIs around caller purposes using resource-based authorization, consent validation, and field-level access control.
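The restructuring the teaser describes can be seen in one controller: the route names the caller's purpose, a resource-based authorization handler checks that purpose against the user record (ownership for self-service, recorded consent for everything else), and the response type for each purpose cannot carry fields it was never meant to expose. This is an added example, not code from the article: the UserProfile entity, the view records, the Purposes constants, PurposeRequirement, PurposeHandler and the IUserStore abstraction are all invented for illustration.

```csharp
// Added example, not the article's own code. Entity, DTOs, purposes,
// requirement, handler and repository are invented to illustrate the pattern.
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// The database entity: everything the business knows about a user.
public sealed record UserProfile(
    string Id, string Email, string FullName, string Phone,
    IReadOnlyList<string> PurchaseHistory, bool MarketingOptIn,
    IReadOnlySet<string> ConsentedPurposes);

// Purpose-shaped responses: each exposes only what that caller needs.
public sealed record PasswordResetView(string Email);
public sealed record MarketingView(string Email, string FullName, bool MarketingOptIn);

public static class Purposes
{
    public const string PasswordReset = "password-reset";
    public const string Marketing = "marketing";
}

// A requirement naming the purpose of the access. It is evaluated against the
// resource, so the same endpoint can allow one user and deny another.
public sealed class PurposeRequirement : IAuthorizationRequirement
{
    public PurposeRequirement(string purpose) => Purpose = purpose;
    public string Purpose { get; }
}

public sealed class PurposeHandler : AuthorizationHandler<PurposeRequirement, UserProfile>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, PurposeRequirement requirement, UserProfile resource)
    {
        // Self-service purposes require the caller to be the data subject;
        // any other purpose requires consent recorded for exactly that purpose.
        bool isSelf = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value == resource.Id;
        bool consented = resource.ConsentedPurposes.Contains(requirement.Purpose);

        if ((requirement.Purpose == Purposes.PasswordReset && isSelf) || consented)
            context.Succeed(requirement);

        return Task.CompletedTask;
    }
}

public interface IUserStore { Task<UserProfile?> FindAsync(string id); }

[ApiController, Route("users/{id}")]
public sealed class UsersController : ControllerBase
{
    private readonly IAuthorizationService _auth;
    private readonly IUserStore _users;
    public UsersController(IAuthorizationService auth, IUserStore users) { _auth = auth; _users = users; }

    // BEFORE (the purpose drift the article describes): one endpoint returns
    // the whole entity, purchase history and marketing flags included.
    // [HttpGet] public async Task<UserProfile?> Get(string id) => await _users.FindAsync(id);

    // AFTER: purpose in the route, purpose checked against the resource,
    // purpose-specific response type.
    [HttpGet("password-reset")]
    public async Task<ActionResult<PasswordResetView>> ForPasswordReset(string id)
    {
        UserProfile? user = await _users.FindAsync(id);
        if (user is null) return NotFound();
        AuthorizationResult result =
            await _auth.AuthorizeAsync(User, user, new PurposeRequirement(Purposes.PasswordReset));
        if (!result.Succeeded) return Forbid();
        return new PasswordResetView(user.Email);
    }

    [HttpGet("marketing")]
    public async Task<ActionResult<MarketingView>> ForMarketing(string id)
    {
        UserProfile? user = await _users.FindAsync(id);
        if (user is null) return NotFound();
        AuthorizationResult result =
            await _auth.AuthorizeAsync(User, user, new PurposeRequirement(Purposes.Marketing));
        if (!result.Succeeded) return Forbid();
        return new MarketingView(user.Email, user.FullName, user.MarketingOptIn);
    }
}
```

Register the handler once with builder.Services.AddSingleton<IAuthorizationHandler, PurposeHandler>() and provide an IUserStore implementation. The field-level control comes for free from the view records: a serializer cannot leak Phone or PurchaseHistory from a type that has no such property, which is a stronger guarantee than remembering to strip them.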

"We Store Secrets in appsettings.json": A Horror Story in Five Acts

Every Azure subscription I’ve worked with has the same problem: connection strings with embedded credentials in appsettings.json, Service Principal secrets checked into Git history, storage account keys hardcoded everywhere. The credential sprawl is real. These aren’t careless developers. These are smart people applying on-premises patterns where they don’t belong. Azure Managed Identity flips the model entirely. Instead of your application proving identity by presenting a secret, Azure proves identity on your application’s behalf through cryptographic attestation. No secrets in code. No credentials in configuration. No rotation ceremonies. The Azure SDK’s DefaultAzureCredential handles authentication automatically, working identically in local development and production. Combined with RBAC, you scope permissions to exactly what each application needs. Not Contributor-level access to the entire subscription. Just the specific operations on specific resources that the application actually requires. This article walks through credential anti-patterns I encounter constantly, then shows the correct implementation using Bicep and .NET’s DefaultAzureCredential. The migration path is pragmatic: within weeks, not months, you can have zero static credentials in your codebase.
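The before/after that this teaser describes, written out as an added example rather than code from the article: the anti-pattern is a storage connection string with its account key in appsettings.json; the replacement configures only a non-secret endpoint and lets DefaultAzureCredential obtain a token from the managed identity in Azure or from the developer's own sign-in locally. It assumes the Azure.Identity, Azure.Storage.Blobs, Azure.Security.KeyVault.Secrets and Microsoft.Extensions.Configuration.Json/EnvironmentVariables packages, and that the identity already holds a scoped RBAC role on the target resources; the configuration keys and the secret name are invented.

```csharp
// Added example, not the article's own code. Configuration keys and the
// secret name are invented; the RBAC assignment is assumed to exist already.
using System;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Azure.Storage.Blobs;
using Microsoft.Extensions.Configuration;

public static class StorageAccess
{
    // BEFORE: the anti-pattern. The full connection string, account key
    // included, lives in appsettings.json and therefore in Git history, build
    // logs and every laptop that ever cloned the repository.
    public static BlobServiceClient WithEmbeddedKey(IConfiguration config)
    {
        // e.g. "DefaultEndpointsProtocol=https;AccountName=...;AccountKey=...;"
        string connectionString = config["Storage:ConnectionString"]!;
        return new BlobServiceClient(connectionString);
    }

    // AFTER: only the endpoint is configured, and it is not a secret.
    // DefaultAzureCredential yields a managed-identity token in Azure and the
    // developer's own token (Azure CLI, Visual Studio, ...) locally, so the
    // same code runs in both places with no key to leak or rotate.
    public static BlobServiceClient WithManagedIdentity(IConfiguration config)
    {
        var endpoint = new Uri(config["Storage:BlobEndpoint"]!); // https://<account>.blob.core.windows.net
        return new BlobServiceClient(endpoint, new DefaultAzureCredential());
    }

    // Secrets that genuinely must exist (a third-party API key) are fetched
    // from Key Vault at runtime with the same credential, never from config.
    public static async Task<string> ReadThirdPartyKeyAsync(IConfiguration config)
    {
        var vault = new Uri(config["KeyVault:Uri"]!); // https://<vault>.vault.azure.net
        var client = new SecretClient(vault, new DefaultAzureCredential());
        KeyVaultSecret secret = await client.GetSecretAsync("ThirdPartyApiKey");
        return secret.Value;
    }
}

public static class Program
{
    public static async Task Main()
    {
        IConfiguration config = new ConfigurationBuilder()
            .AddJsonFile("appsettings.json")   // now holds only endpoints, no keys
            .AddEnvironmentVariables()
            .Build();

        BlobServiceClient blobs = StorageAccess.WithManagedIdentity(config);
        await foreach (var container in blobs.GetBlobContainersAsync())
            Console.WriteLine(container.Name);
    }
}
```

The matching role assignment is the other half of the change: it grants that identity one data-plane role (for example Storage Blob Data Reader) on that one account, which is the "specific operations on specific resources" scoping the article contrasts with Contributor on the whole subscription. One practical caveat: DefaultAzureCredential tries a chain of credential sources, so some teams narrow it in production (new ManagedIdentityCredential()) to rule out an unintended fallback to a developer credential.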

247 Strangers Have Root Access to Your Production

Your organization has a thorough vendor approval process. Procurement forms. Security questionnaires. Legal reviews lasting months. Then your developers run npm install and pull 247 packages from strangers on the internet—and nobody blinks. That’s the supply chain security paradox most teams live with daily. This guide shows you how to implement Dependabot, dependency review, and SBOM generation as the defensive controls they should be—not as checkbox compliance theater.