Martin Stühmer — CTO, Enterprise Architect & DevOps Engineer

Who I Am

I’m Martin, CTO at Integrated Worlds GmbH in the Stuttgart region. I’ve been writing production .NET code since Framework 2.0 — back when SOAP was still considered modern and ORMs were a heated debate. A lot has changed since then. My opinions have changed too, usually because I was wrong about something.

Before Integrated Worlds, I was Director of Consulting Services at CGI, leading teams through architecture decisions and digital transformation projects across multiple industries. These days I set technology strategy and stay close enough to the code to feel the consequences of those decisions firsthand.

I’m a Microsoft Certified Trainer and IHK-certified instructor, maintain several open-source NuGet packages, and write about what I’ve actually learned rather than what sounds good in theory.

LinkedIn · GitHub · Bluesky

What I Know Well

Nearly two decades of production work leaves marks. Here’s where I’ve built up depth and, frankly, strong opinions:

.NET and C# — I’ve tracked this ecosystem from the framework era to .NET 10. Source generators, Roslyn analyzers, performance engineering, testing strategies, static analysis. I know what actually improved over the years and what just changed names.

Cloud-native architecture on Azure — AKS at scale, multi-cluster networking, zero-downtime upgrade strategies, cost governance, observability. I’ve spent enough time in Azure to know the gap between what it can do and what you should actually use.

DevOps and supply-chain security — GitHub Actions, dependency management, container security, Bicep-based infrastructure compliance. The organisational side matters as much as the tooling.

Application security and privacy — Azure Key Vault, managed identities, GDPR-relevant .NET patterns, data minimisation, AI coding tool content exclusions. Security that works in practice, not just in architecture diagrams.

Engineering culture — What AI coding assistants actually change about software quality (less than the hype, more than the skeptics admit), how to introduce static analysis without poisoning team morale, and when “best practices” are earned principles versus cargo-cult repetition.

How I Work

As CTO I stay close to the code. I write, review PRs, debug production issues, and mentor — because technology leadership that operates purely from a distance eventually loses touch with the real cost of decisions.

As a trainer I focus on fundamentals that outlast the current framework cycle. Static analysis, testing discipline, performance patterns, maintainable architecture. The things that prevent fires, not just the things that look good in a job posting.

As an open-source maintainer I publish packages that solve problems I’ve hit repeatedly. Knowing that strangers depend on your code is one of the better ways to raise your standards.

What I’ve Learned the Hard Way

I’ve over-engineered systems that should have been simple. I bet on Silverlight and WCF. I built “flexible” architectures that were really just complicated ones. I’ve shipped code I’m not proud of.

Here’s what held up after all that:

Quality isn’t optional — analyzers find bugs in milliseconds, tests prevent regressions, and neither is slower than a production incident
Fundamentals outlast frameworks — the patterns and principles stick around long after the tools are deprecated
Context beats dogma — “best practices” always depend on your team, domain, and actual constraints
Evidence beats intuition — measure, benchmark, validate; don’t just decide
Pragmatism wins — architecture that ships beats architecture that’s perfect on paper

What I Write About

Everything here comes from production systems and real teams, not documentation rewrites. I’m skeptical of buzzword-driven development and allergic to advice that’s never been tested under load or deadline. If something doesn’t hold up, I’ll say so.

The topics I keep returning to: .NET and C# performance and evolution, Azure and AKS architecture decisions, DevOps and supply-chain risk, application security and GDPR implementation, what AI coding tools actually change (and what they don’t), and the economics of technical debt and code quality.

I write for developers, architects, and operators who maintain production systems and care about getting it right — not just getting it shipped.

The code you create is a valuable legacy, so it’s important to build it carefully.

Published blogs

Certified, Filed, Forgotten: The Compliance Trainwreck

Organization gets certified. Consultants cash their checks. Documentation gets filed somewhere. Then compliance becomes a Word document ritual: screenshot the portal, sign the checklist, ship it. Three months later, an audit exposes configuration drift, hardcoded secrets, and vulnerable dependencies nobody noticed. The forensic evidence disagrees with the signatures. The fix isn’t stricter sign-offs or more checklists. It’s treating compliance as an engineering problem with automated CLI tools that run on every deployment.

Security Cosplay: Your Password-Only Admin Panel Isn't Fooling Anyone

Username and password for admin access? That’s not security, that’s security cosplay. You’re wearing the costume without any of the actual protection. One leaked credential and attackers walk right through your front door. Azure AD B2C with conditional MFA ends the costume party: risk-based authentication that only challenges when it matters. View a dashboard? Password’s fine. Delete production data? Prove you’re really you.

Who Ran That Migration? Audit Trails for .NET CLI Tools

Three hours into a production incident, someone asks the obvious question. Silence. The terminal closed, the build log expired last week, and your migration tool printed “Success” before forgetting everything. This scenario repeats constantly: privileged CLI operations that modify production systems, then vanish without a trace. The fix requires discipline, not genius: structured logging, user identity tracking, and persistent storage.

Purpose Limitation in API Design: Leaking Data You Shouldn't

Most APIs expose personal data based on database entities, not caller needs. When a password reset endpoint returns a user’s full profile, purchase history, and marketing preferences, that’s purpose drift. This article shows how to restructure ASP.NET Core APIs around caller purposes using resource-based authorization, consent validation, and field-level access control.

"We Store Secrets in appsettings.json": A Horror Story in Five Acts

Every Azure subscription I’ve worked with has the same problem: connection strings with embedded credentials in appsettings.json, Service Principal secrets checked into Git history, storage account keys hardcoded everywhere. The credential sprawl is real. These aren’t careless developers. These are smart people applying on-premises patterns where they don’t belong. Azure Managed Identity flips the model entirely. Instead of your application proving identity by presenting a secret, Azure proves identity on your application’s behalf through cryptographic attestation. No secrets in code. No credentials in configuration. No rotation ceremonies. The Azure SDK’s DefaultAzureCredential handles authentication automatically, working identically in local development and production. Combined with RBAC, you scope permissions to exactly what each application needs. Not Contributor-level access to the entire subscription. Just the specific operations on specific resources that the application actually requires. This article walks through credential anti-patterns I encounter constantly, then shows the correct implementation using Bicep and .NET’s DefaultAzureCredential. The migration path is pragmatic: within weeks, not months, you can have zero static credentials in your codebase.