In 2014, Filippo made the de facto standard tool for testing to see if your website was vulnerable to Heartbleed. (source: https://github.com/FiloSottile/Heartbleed)
A super-simple agent for using your YubiKey as your ssh-agent.
A simple, modern and secure encryption tool with small explicit keys, no config options, and UNIX-style composability.
mkcert automatically creates and installs a local CA in the system root store, and generates locally-trusted certificates. Configuring servers to use the certificates is up to you.
Age is a replacement for GPG's file encryption features that will be easier to use without making mistakes.
An explanation of some of the difficulties in private information retrieval, along with an interesting scheme to make using bloom filters more tenable.
Filippo does great work trying to demystify cryptography and improve implementations of cryptographic algorithms, and this is a nice example.