Sasha Romanosky, PhD

Senior Policy Researcher, RAND Corporation

Sasha Romanosky researches topics on the economics of security and privacy, national security, applied microeconomics, and law & economics. He is a Policy Researcher at the RAND Corporation, a faculty member of the Pardee RAND Graduate School, and an affiliated faculty in the Program on Economics & Privacy at the Antonin Scalia Law School, George Mason University.

Sasha holds a Ph.D. in Public Policy and Management from Carnegie Mellon University and a B.S. in Electrical Engineering from the University of Calgary, Canada. He was a security professional for over 10 years, and is one of the original authors of the Common Vulnerability Scoring System (CVSS), an international standard for scoring computer vulnerabilities (ITU-T X.1521), and co-creator of EPSS, an emerging standard for predicting software vulnerability exploitation.

Sasha is also a former Cyber Policy Advisor in the Office of the Secretary of Defense for Policy (OSDP) at the Pentagon where he oversaw the Department's Vulnerability Equities Process (VEP), the Vulnerability Disclosure Program (VDP), and other cyber policy matters.

My Sessions

Navigating Risks With Cyber Insurance (Sponsored by BitSight)

The significance of the cyber insurance industry is growing given the frequency and severity of breaches. Having an insurance policy that covers cyber-related incidents is critical for businesses, and no longer a 'nice to have' in the digital economy. But not all insurance policies provide comprehensive coverage, so just how much coverage do you need and what practical benefits can it offer to your security leaders?

Join this session to understand the full scope of what insurance policies do and don't cover, industry insights into new claim trends and regulatory priorities.

  • Adrian Davis, Chief Executive Officer, Information Assurance Advisory Council
  • Mark Hendry, Director, Data Protection and Cyber Security, DWF Law LLP
  • Sasha Romanosky, PhD, Senior Policy Researcher, RAND Corporation