The apex CNAME problem is solved. Most browsers never got the memo.
RFC 9460 fixed apex aliasing in the protocol, but the clients never followed. In multi-provider DNS, where vendor workarounds are off the table, that leaves you with no fallback.
SOLUTIONS ENGINEER Β· AKAMAI Β· MADRID
Christian Scotti
I work at Akamai, where I help large organizations in Iberia keep their web infrastructure fast, secure, and standing β especially on the days when someone is actively trying to take it down.
About me
I'm based in Madrid, where I've been working in enterprise IT for over 20 years β currently as a Solutions Engineer at Akamai, helping large organizations in Iberia build secure, high-performing web experiences.
The job keeps me close to the interesting edge cases: WAF configurations that need to hold up against real attacks, certificate rotations that can't break mobile apps, CDN architectures built to absorb traffic spikes without flinching. I like the puzzle-solving side of it, and I haven't found a problem yet that didn't have a cleaner solution hiding inside it.
At home, I'm keeping up with two daughters who are growing way too fast. When I get a window, I'm on the padel court, in the gym, or going down a music rabbit hole β my taste has no consistent genre and I refuse to apologize for it.
If you'd like to dig into my background, you can find me here:
Work experience
Senior Solutions Engineer
Akamai Technologies, Madrid, Spain
2021 - Present
As part of the Presales team, I contribute in making the digital experiences fast, reliable and secure for Iberia top brands.
Architect solutions to solve customer technical challenges to deliver the best web performance and protect them against fraudulent activities and security threats.
Senior Technical Support Engineer
Akamai Technologies, Madrid, Spain
2017 - 2021
Provided technical solutions for Premium accounts from the South Europe sub-region.
Collaborated with stakeholders to find the solutions to complex issues
Proactively reviewed and mitigated risks to minimize potential disruption.
SME for Digital Performance Monitoring products.
Technical Escalations Engineer
HP Software, Madrid, Spain
2011 - 2017
Acted as Subject Matter Expert for the ITOM/Operations Bridge suite of products.
Helped resolve the most technically complex, mission critical customer issues.
Acted as technical advisor to devise solutions for top EMEA accounts.
Delivered advanced technical training for internal and external audiences.
Coahed and mentored junior team members.
Technical Support Engineer
HP Software, Madrid, Spain
2005 - 2011
Provided high-level technical solutions to EMEA accounts.
Created and reviewed knowledge documents increasing the content quality of the technical knowledge database.
Contributed to product quality by identifying and accurately diagnosing product defects.
Education
Masters Degree, Business Administration
Fundesem Business School
2003 - 2004
Bachelor of Applied Science, Electronic Engineering
Universidad Simon BolΓvar
1992 - 1999
Skills
Twenty years of hard-won pattern matching β mostly in security, performance, and the messy overlap between the two.
WAF & Application Security
Designing and tuning web application firewall policies, bot management rules, and API protection for enterprise deployments.
CDN & Edge Architecture
Building delivery strategies and edge compute solutions (EdgeWorkers) that balance performance, availability, and cost.
TLS & Certificate Management
Certificate lifecycle automation, ACME protocol, mTLS, and the operational impact of shrinking certificate lifetimes.
DDoS Mitigation
L3/L4 volumetric attack response, rate limiting, and resilience design for high-traffic properties.
Web Performance
Core Web Vitals analysis, caching strategy, image optimization, and latency profiling across the delivery chain.
Solution Architecture
Translating security and performance requirements into concrete, implementable configurations for Iberia's top brands.
Technical Presales
Leading proof-of-concept engagements, technical evaluations, and architecture workshops across the enterprise sales cycle.
Scripting & Automation
Python and JavaScript for API integrations, attack simulations, and internal tooling. EdgeWorkers for edge-side logic.
Technical Communication
Comfortable presenting to CISOs, working alongside ops teams, and writing customer-facing briefs in Spanish and English.
Got a problem worth solving?
Whether it's a technical challenge, an architecture question, or you just want to compare notes β I'm reachable.
From the blog
View all posts Β»The stuff I had to figure out the hard way β DNS edge cases, TLS sharp corners, CDN internals, and the kind of problems that only show up in production at 2am.
Zero-downtime deploys without a platform: the symlink pattern
rsync to a versioned directory, atomically swap a symlink, keep the last five releases. That is the entire pattern. Here is how to do the swap without surprises β and what the filesystem cannot cover for you.
Three walls between you and post-quantum TLS on stock Ubuntu nginx
Enabling X25519MLKEM768 on Ubuntu 24.04 with oqs-provider sounds like a one-line change. It is not. A field report on the three non-obvious blockers.
Trust on a Timer: Why 47-Day Certificates Break Static Pinning
By 2029, public TLS certificates will live just 47 days. The math alone retires a decade of mobile-app security practice β and forces every architect to revisit how trust is established, rotated, and revoked.