Sasha Romanosky researches topics on the economics of security and privacy, national security, applied microeconomics, and law & economics. He is a Policy Researcher at the RAND Corporation, a faculty member of the Pardee RAND Graduate School, and an affiliated faculty in the Program on Economics & Privacy at the Antonin Scalia Law School, George Mason University.
Sasha holds a Ph.D. in Public Policy and Management from Carnegie Mellon University and a B.S. in Electrical Engineering from the University of Calgary, Canada. He was a security professional for over 10 years, and is one of the original authors of the Common Vulnerability Scoring System (CVSS), an international standard for scoring computer vulnerabilities (ITU-T X.1521), and co-creator of EPSS, an emerging standard for predicting software vulnerability exploitation.
Sasha is also a former Cyber Policy Advisor in the Office of the Secretary of Defense for Policy (OSDP) at the Pentagon where he oversaw the Department's Vulnerability Equities Process (VEP), the Vulnerability Disclosure Program (VDP), and other cyber policy matters.