Sasha Romanosky

Sasha Romanosky

Policy Researcher, RAND Corporation

Sasha Romanosky is a policy researcher at the RAND Corporation and former cyber policy advisor at the Pentagon in the Office of the Secretary of Defense for Policy (OSDP).

He researches topics in the economics of security and privacy, information policy, applied microeconomics, and law and economics. For example, he has examined whether state data breach disclosure laws have reduced consumer identity theft; when and how firms are more likely to be sued when they suffer a data breach, and when they’re more likely to settle. He has also studied the cost of data breaches in order to understand whether corporate losses are really as severe as is commonly believed. And most recently, he collected a dataset of cyber insurance policies to examine how insurance carriers measure and price cyber risk.

He was a Microsoft research fellow in the Information Law Institute at New York University, and was a security professional for over 10 years in the financial and e-commerce industries. He holds a CISSP certification, and is co-author of the Common Vulnerability Scoring System (CVSS), an open standard for scoring computer vulnerabilities. While in DoD, he oversaw two of the Department's most critical vulnerability programs, and advised on numerous other matters related to cyber security and cyber policy.

Romanosky holds a Ph.D. in public policy and management from Carnegie Mellon University, and a B.S. in electrical engineering from the University of Calgary, Canada.


A person listed as a contributor has spoken or otherwise participated in Federalist Society events, publications, or multimedia presentations. A person's appearance on this list does not imply any other endorsement or relationship between the person and the Federalist Society. In most cases, the biographical information on a person's "contributor" page is provided directly by the person, and the Federalist Society does not edit or otherwise endorse that information. The Federalist Society takes no position on particular legal or public policy issues. All expressions of opinion by a contributor are those of the contributor.