Can we stop intercepting user traffic (aka Man-in-the-Middle) please?

First… clarifying scope

What many of us are doing right now

Installing our own Root Certificate Authority (CA)
Enforcing a web proxy
Breaking the HTTPS connection
Blocking websites based on categories
[Fake] Data Leak Protection (DLP)
Breaking things
Hiding things
Downgrading security
Maintaining a cumbersome whitelist
Pretending to manage risk & keeping your Chief Information Security Officer (CISO) / Senior Information Risk Owner (SIRO) happy

What we could be doing

Paying attention to our end-user devices
Filtering based on Domain Name System (DNS) results
Getting email security right
Filtering based on Server Name Indication (SNI)
Improving your monitoring
If you truly need to (hint: most of you won’t), investing in true DLP
Getting ready for TLS v1.3

Quickly commenting on what is out of scope