Although, as a startup founder now, I don’t get much (any?) time to look at parts of the industry unrelated to what I am building, I would still consider myself to be pretty plugged into the cybersecurity ecosystem. I have a good idea what is being discussed, what people pay attention to, and what questions are being asked, be it among CISOs, security professionals, investors, founders, startup operators, industry analysts, or anyone in between.

When people in the industry talk about many companies, it’s either innovative startups or powerful incumbents with unmatched distribution that get discussed. And yet, in the past five years, I recall having only one conversation (yes, one!) about what was once one of the most consequential giants in cybersecurity: RSA Security. This is a huge miss because, as you will see today, RSA Security, through its alumni, spinoffs, and the sheer impact it had in all areas of cyber, continues to influence the direction of security. That is exactly what this article is about.

This issue is brought to you by… Endor Labs

Ship secure code by default, whether it’s written by humans or AI.

Discover how to secure modern software in the age of AI with A Practical Guide to AI and Application Security. This essential resource demystifies how AI generates code, where the most critical risks emerge, and what AppSec leaders must do to protect AI-native development workflows.

Whether you’re tackling vulnerable dependencies, architectural risks, or integrating security earlier in your SDLC, this guide equips you with practical strategies to balance productivity and safety. Get actionable insights that help your team stay ahead of AI-driven threats and confidently secure code from the first commit to production.

Get the Guide

A brief history of RSA Security

RSA Data Security was founded in 1982 by three MIT cryptographers, Ron Rivest, Adi Shamir, and Leonard Adleman (the name “RSA” comes from the first letters of their last names). These three people, whom you don’t hear much about, invented what is now known as the RSA public-key cryptography algorithm, an algorithm that became one of the foundational technologies of the modern internet. RSA made encryption commercially viable during a time when the idea of secure internet communication itself was still pretty theoretical. RSA software libraries enabled secure web traffic, VPNs, email encryption, and financial transactions. Basically, their tech became embedded everywhere, from browsers to banking infrastructure all over the world.

RSA’s biggest commercial breakthrough came with the introduction of SecurID, a hardware token that generated one-time passwords for multi-factor authentication. RSA Data Security didn’t invent this product. Instead, in 1996, the company was acquired for $250 million by Security Dynamics which was in the business of making SecurID. Following this acquisition and integration of the RSA algorithms with the SecurID token, SecurID became the standard for enterprise authentication, used by governments, banks, and Fortune 500 companies. This acquisition was so consequential that in 1999, Security Dynamics announced it would be taking the name of its well-known subsidiary, RSA Data Security, and becoming RSA Security. For many organizations, RSA became synonymous with authentication itself.

RSA Security heavily leveraged M&As to expand into new areas and to acquire technologies it needed. Between 2001 and 2006, it bought and integrated several companies: Xcert International (digital certificate-based products for securing e-business transactions), 3-G International (smart card and biometric authentication products), Securant Technologies (identity management), Cyota (online security and anti-fraud for financial institutions), and PassMark Security (online banking authentication).

(As you can clearly see, these were the times when high-res logos weren’t a requirement).

Following its own acquisition spree, RSA Security itself became an acquisition target. On September 14, 2006, RSA stockholders approved the company’s acquisition by EMC Corporation for $2.1 billion. At the time, EMC was best known as a storage infrastructure giant, but it recognized early that securing data would become just as important as storing it. RSA became EMC’s dedicated security division and a cornerstone of its broader vision to help enterprises protect information across increasingly distributed and connected environments. Under EMC, RSA expanded far beyond its original authentication roots. It built a broad enterprise security portfolio that included identity and access management, security information and event management (SIEM) through NetWitness, governance, risk, and compliance via Archer, and fraud and risk intelligence platforms. RSA evolved from a cryptography leader into one of the most comprehensive enterprise security providers, serving governments, financial institutions, and large enterprises worldwide. Its technologies became deeply embedded in security operations, compliance programs, and authentication workflows across critical infrastructure.

RSA’s trajectory shifted again in 2016 when EMC was acquired by Dell Technologies in the largest technology merger ever ($67 billion!). RSA became part of Dell’s family of companies, alongside VMware and other infrastructure businesses. While RSA remained a respected name, it operated within a much larger corporate structure where security was only one part of a broader infrastructure strategy. That, however, didn’t last long as in 2020, RSA was spun out of Dell and acquired by Symphony Technology Group (STG), returning to independent ownership. This marked a symbolic full circle for a company that had helped define the cybersecurity industry decades earlier.

Some of today’s cyber giants were once members of the RSA family

Some of today’s cyber giants come from the RSA family, which includes communities, companies, and people.

RSA Security created the industry’s defining conference

March 15, 2022, marked the rebirth of the RSA Conference as a fully independent business. Originally started back in 1991 by RSA Data Security, RSA was once a small, specialized cryptography conference focusing on digital signature standards. Over the next three decades, it grew alongside RSA Security itself, following the company through its acquisitions by EMC Corporation and later Dell Technologies. In 2022, Crosspoint Capital, a PE firm focused on cyber and infrastructure software, acquired a significant interest in the conference and started operating it as a separate business.

Today, RSA Conference stands as the industry’s “town square”, a neutral gathering place where security leaders, practitioners, founders, investors, analysts, and policymakers come to shape the future of our industry. What started as a niche cryptography event a long time ago has now turned into something much larger - a place where people get to grow their careers, where startups first present their innovation to market, and where the direction of the entire industry takes form.

Enduring players that were once part of RSA Security

A number of companies that continue to play a significant role in their market segments were once part of RSA Security, including Archer, NetWitness, and Outseer.

Archer

Archer has been focusing on helping enterprises manage governance, risk, and compliance (GRC) since 2001. When most organizations relied on Excel spreadsheets, email, and fragmented workflows to track risk and compliance, Archer launched a centralized platform that essentially became an operating system for GRC. The product made it possible for large enterprises to map controls, track regulatory requirements, manage audits, and demonstrate compliance across complex environments.

RSA acquired Archer in 2010, recognizing that GRC was becoming a huge need at large enterprises. Under RSA, Archer became one of the most widely deployed GRC platforms in the world, particularly in highly regulated industries like financial services, healthcare, and government. Fundamentally, Archer became a system of record for enterprise risk, deeply embedded in how organizations understood and managed their risk and compliance (I described it as one of the “control points” in cyber).

In 2023, Archer was spun out as an independent company under Symphony Technology Group, also coming full circle and becoming an independent company. It’s hard to believe that, still today, 25 years after its founding (think about that for a second), the Archer platform remains one of the most trusted and widely deployed solutions for enterprise risk management and regulatory compliance, used by many of the world’s largest organizations. There are cohorts of new startups trying to go after GRC, some agentic and others not, but neither of them has so far been successful in taking on Archer at large enterprises at scale.

NetWitness

In April 2011, EMC Corporation acquired NetWitness, a network security analytics company led by Amit Yoran, a visionary security executive the industry tragically lost last year. EMC integrated NetWitness into its security division, RSA, combining NetWitness’s network visibility and packet analysis with RSA’s SIEM to provide a comprehensive threat detection and response. This acquisition ended up playing a much bigger role in the history of RSA Security. Amit Yoran, once NetWitness CEO, in October 2014 was named president of RSA, a position he held until he became CEO of Tenable in 2017. Although we lost Amit to cancer, he will always be remembered as one of the leaders who was deeply passionate about security and people in it.

In 2025, PartnerOne, an enterprise software conglomerate, acquired NetWitness from RSA, bringing things full circle and turning it into an independent company once again.

Outseer

The origins of Outseer go back to RSA’s Fraud and Risk Intelligence division, which focused on protecting financial institutions from online fraud, account takeover, and unauthorized transactions. As banking and commerce moved online in the 2000s, fraud quickly evolved far beyond simple credential theft into sophisticated, multi-stage attacks. RSA developed advanced fraud detection tools that analyzed user behavior, device fingerprints, network attributes, and transaction context to detect suspicious activity in real time. Under RSA, this business became one of the most widely deployed fraud and authentication platforms in the global financial sector. In 2021, Symphony Technology Group spun out RSA’s Fraud and Risk Intelligence division as an independent company and rebranded it as Outseer.

Companies that could have become a part of RSA Security but didn’t

While these are some of the better-known acquisitions and spinouts, in an alternate universe, RSA’s legacy could have been even more impressive. I’ve heard from multiple people that RSA Security once considered acquiring companies like Splunk and SailPoint, among others, though for various reasons those deals never materialized. Had they happened, the trajectory of the cybersecurity industry (and my “20 years of cybersecurity consolidation: how 200 companies became 11” article) might have looked very different.

The most impactful part is the generation of leaders that RSA Security helped raise

The most impactful legacy RSA Security left behind is the generation of leaders it helped raise. Different people are a part of this “mafia” network in different ways. For example,

• Rohit Ghai is now CEO of Barracuda Networks, following over a decade and a half as CEO of the Division of Dell Technologies, and then CEO of RSA Security.

• Mark Thurmond, once SVP of Worldwide Sales at RSA Security, is now a Co-CEO at Tenable.

• Ash Devata, who is now CEO of GreyNoise, had a ~7-year run at RSA Security, culminating in the Head of RSA Solutions role.

• Dino DiMarino, once VP at RSA Security, is now CEO at AppViewX.

• Dave DeWalt, who would go on to become CEO of McAfee, CEO of FireEye, and then founder & CEO of NightDragon, was Executive Vice President and President of Customer Operations for EMC.

Plenty of people went on to eventually start their own companies, some a while ago and some pretty recently. The list includes -

• Rob Davis, CEO and Founder of Critical Start

• Aditya Narayana, Co-Founder of Mirror Security

• Jessica Alexander, Founder and CEO of Skematic, former VP of Sales at CrowdStrike

• Nadav Cornberg, CEO of Eve Security

• Dana Wolf, Co-Founder and CEO of YeshID

• Muli Motola, Co-Founder and CEO at Acsense

• Austin McDaniel, Founder and CEO of Good Code

• Brad Taylor, Co-Founder and CEO of PROFICIO

• Rob Black, Founder and CEO of Fractional CISO

• Mark Jones, Founder and CEO of BlackLake Security

• Peter Goldstein, Co-Founder and CTO of Valimail (now a part of DigiCert)

I am sure there are many more notable people, not all of whom are founders (after all, there are many, many ways to achieve impact in cybersecurity).

Closing thoughts

Cybersecurity is full of mafias. I have previously discussed a few of them in my other articles:

• The power of Check Point mafia, the impact of Foundstone, Juniper Networks & Cisco on the industry, and the origins of cyber ecosystems

• Splunk, Okta, Cylance, Palo Alto, CrowdStrike, and Zscaler mafias in cybersecurity

• Follow the people: @stake, NetScreen, IBM, Israel Defense Forces and the US Armed Forces mafia networks in cybersecurity

• Get ready for Wiz mafia to forever reshape the future of cybersecurity

RSA Security has given a raise to its own mafia. While the RSA Security’s booth is no longer the most prominent both at the conference it is named after, its impact lives on, through people, companies, and of course through the RSA Conference community it created.

Some in the industry still remember the three people - Ronald Rivest, Adi Shamir, and Leonard Adleman - who started RSA Data Security some 44 years ago. For their contributions, in 2002, they all received the Turing Award. The one other person to remember is Jim Bidzos, the original creator of the RSA Conference. Bidzos served as president and CEO of RSA Security from 1986 to 1999, and it was under his leadership that the RSA Conference was first started. Decades later, the event continues to grow beyond what Jim (or anyone else) would have ever imagined.

I’ll see you at RSAC 2026 in March!

Stop by my session, too (I am speaking), or come say hi at my book signing and grab your copy of “Cyber for Builders” (right after my session on Tuesday, March 24th at 11am at RSAC Bookstore).

If you like my blog, please subscribe & share it with your friends. I do this in my free time, so seeing the readership grow helps me to stay motivated and write more. I don’t send anything except my writing and don’t sell your data to anyone as I have better stuff to do.

If you are a builder - current or aspiring startup founder, security practitioner, marketing or sales leader, product manager, investor, software developer, industry analyst, or someone else who is building the future of cybersecurity, check out my best selling book, Cyber for Builders.

If your company is interested in sponsoring Venture in Security, check out Sponsorships.

Lastly, check out the Inside the Network podcast where we bring you the best founders, operators, and investors building the future of cybersecurity.

Share