IMPACT 2024 USA white

Sasha Romanosky

Senior Policy Researcher, RAND


Our panel will discuss the topics covered in the preceding presentations. They’ll analyse the themes, and share what they see as most important takeaways for how the ideas can be applied in the work place.


Sasha Romanosky is a Senior Policy Researcher where he studies topics on cyber crime, insurance, national security, and law & economics. Sasha holds a Ph.D. in Public Policy and Management from Carnegie Mellon University and a B.S. in Electrical Engineering from the University of Calgary, Canada. He was a Microsoft research fellow in the Information Law Institute at New York University School of Law, and a security professional for over 10 years.

Sasha is one of the original authors of the Common Vulnerability Scoring System (CVSS), an international standard for scoring computer vulnerabilities (ITU-T X.1521), and co-creator of EPSS, an emerging standard for predicting software vulnerability exploitation. Sasha is a former Cyber Policy Advisor in the Office of the Secretary of Defense for Policy (OSDP) at the Pentagon, and an appointed member of DHS’s Data Privacy and Integrity Committee (DPIAC), where he advises the Secretary of Homeland Security and DHS’s Chief Privacy Officer on policy, operational, and technology issues.