What does your company do if you have to access a TLS site which uses client certificates for authentication? AFAIK, client certificates don't work when there's a MITM on the TLS traffic, since the MITM proxy doesn't have a way to produce a client certificate that will be accepted by the server.