Ross Haleliuk makes a counterintuitive claim that cuts through the noise of today's startup hype: the most powerful force shaping the current cybersecurity landscape isn't a new AI unicorn, but the enduring, sprawling network of alumni from a company many have forgotten. While the industry obsesses over the next big thing, Haleliuk argues that the true "mafia" driving innovation, leadership, and market consolidation is the legacy of RSA Security, a giant that defined the field forty-four years ago.
The Invisible Architecture
Haleliuk begins by observing a strange silence in modern cybersecurity circles. "When people in the industry talk about many companies, it's either innovative startups or powerful incumbents with unmatched distribution that get discussed," he writes. "And yet, in the past five years, I recall having only one conversation... about what was once one of the most consequential giants in cybersecurity: RSA Security." This observation is striking because it highlights a collective amnesia regarding the foundational layer of the industry. The author suggests that while the brand name has faded from the daily buzz, its DNA is everywhere.
The piece traces the lineage back to 1982, when three MIT cryptographers—Ron Rivest, Adi Shamir, and Leonard Adleman—founded RSA Data Security. Haleliuk notes that these three "invented what is now known as the RSA public-key cryptography algorithm, an algorithm that became one of the foundational technologies of the modern internet." This historical anchor is crucial; without the work of Rivest, Shamir, and Adleman (who later won the Turing Award), the secure web transactions we take for granted today would not exist. The author effectively reframes RSA not just as a vendor, but as the operating system upon which the digital economy was built.
"RSA made encryption commercially viable during a time when the idea of secure internet communication itself was still pretty theoretical."
Haleliuk's narrative then shifts to the company's commercial evolution, particularly the acquisition of Security Dynamics in 1996, which brought the SecurID hardware token into the fold. This move was transformative. "Following this acquisition and integration of the RSA algorithms with the SecurID token, SecurID became the standard for enterprise authentication, used by governments, banks, and Fortune 500 companies." The author argues that this standardization created a massive moat, embedding RSA into the very fabric of corporate identity management. Critics might note that this dominance also created a single point of failure for the industry, a vulnerability that has been exploited in major breaches over the years, but Haleliuk focuses on the structural influence rather than the operational risks.
The Corporate Carousel and the Spinout Ecosystem
The commentary then dissects the complex ownership history of RSA, moving from EMC to Dell, and finally to its independence under Symphony Technology Group. Haleliuk uses this trajectory to illustrate how the company's assets were carved up and reimagined. "RSA Security heavily leveraged M&A to expand into new areas and to acquire technologies it needed," he writes, listing a string of acquisitions that built a comprehensive portfolio. The author's framing is insightful: he treats these acquisitions not as mere business transactions, but as the incubation of future market leaders.
Three specific spinouts receive detailed attention, each representing a critical pillar of modern security. First is Archer, a governance, risk, and compliance (GRC) platform. Haleliuk describes it as "an operating system for GRC" that became the "system of record for enterprise risk." The fact that Archer remains a dominant player twenty-five years after its founding, despite a wave of new AI-driven competitors, speaks to the depth of its integration. "It's hard to believe that, still today, 25 years after its founding... the Archer platform remains one of the most trusted and widely deployed solutions," Haleliuk observes, underscoring the stickiness of legacy infrastructure.
Next is NetWitness, acquired by EMC and integrated into RSA's security information and event management (SIEM) capabilities. The author pays tribute to Amit Yoran, the visionary leader behind NetWitness, noting that Yoran's passion for the field left an indelible mark on the industry. "Although we lost Amit to cancer, he will always be remembered as one of the leaders who was deeply passionate about security and people in it," Haleliuk writes. This personal touch adds emotional weight to the business history, reminding readers that the "mafia" is made of people, not just products. NetWitness was eventually spun out again in 2025, completing a full circle of independence.
Finally, the piece highlights Outseer, born from RSA's fraud and risk intelligence division. "As banking and commerce moved online in the 2000s, fraud quickly evolved far beyond simple credential theft into sophisticated, multi-stage attacks," Haleliuk explains. The division's ability to analyze user behavior and device fingerprints in real time made it indispensable to the financial sector. The spinout of Outseer in 2021 demonstrates how RSA's legacy continues to adapt to new threats, even as the parent company changes hands.
"The most impactful legacy RSA Security left behind is the generation of leaders it helped raise."
The Human Network
The most compelling section of the article is the catalog of leaders who cut their teeth at RSA and went on to shape the broader ecosystem. Haleliuk lists an impressive roster: Art Coviello Jr. at SYN Ventures, Ann Johnson at Microsoft, Rohit Ghai at Barracuda Networks, and Mark Thurmond at Tenable, among many others. "Different people are a part of this 'mafia' network in different ways," he writes, illustrating how the company served as a talent incubator for the entire industry.
This human capital argument is the piece's strongest point. It suggests that the true value of a company like RSA isn't just its code or its patents, but the culture and expertise it instilled in its employees. "I am sure there are many more notable people, not all of them founders (after all, there are many, many ways to achieve impact in cybersecurity)," Haleliuk adds, broadening the definition of influence beyond just entrepreneurship. This framing challenges the reader to look past the current headlines and recognize the deep, generational connections that drive the sector.
The author also touches on the RSA Conference, which started as a niche cryptography event in 1991 and has grown into the industry's "town square." "Today, RSA Conference stands as the industry's 'town square', a neutral gathering place where security leaders, practitioners, founders, investors, analysts, and policymakers come to shape the future of our industry," Haleliuk writes. The fact that the conference is now independent of the company that named it is a testament to its enduring relevance. A counterargument worth considering is that the conference has become so large and commercialized that it risks losing the intimate, technical focus of its early days, but Haleliuk's focus remains on its role as a unifying force.
Bottom Line
Ross Haleliuk's analysis is a masterclass in connecting historical dots to explain current realities, proving that the "RSA mafia" is not a relic but a living, breathing engine of the cybersecurity industry. The strongest part of the argument is the evidence that the company's true legacy lies in its people and the spinout ecosystem, rather than its current brand presence. The biggest vulnerability is the potential for nostalgia to obscure the real challenges these legacy systems face in an AI-driven world, but the piece successfully argues that understanding the past is essential to navigating the future. For any leader in the field, recognizing these deep roots is not just academic—it's a strategic imperative.
"RSA Security has given a raise to its own mafia."
The Enduring Influence
Haleliuk concludes by inviting readers to look beyond the surface of the industry. "Some in the industry still remember the three people - Ronald Rivest, Adi Shamir, and Leonard Adleman - who started RSA Data Security some 44 years ago," he writes, grounding the modern chaos in the quiet brilliance of its origins. The author's final call to action is not to buy a product, but to recognize the lineage: "I'll see you at RSAC 2026 in March!" This closing reinforces the idea that the community, not just the technology, is what endures. The piece serves as a reminder that in a field obsessed with the new, the old often holds the keys to the future.