After working in government for several years, this Talos threat hunter is diving into the dark web

Growing up, Jacob Finn says he wanted to be a detective (or maybe a veterinarian, but there’s still plenty of time for that).

Today with Talos, he’s a detective. And while he’s still hunting for bad actors, instead of combing crime scenes for clues, he’s reading and analyzing dark web forums, leveraging open-source intelligence, and exploiting network telemetry for signs of where adversaries are headed next.

He works on Talos’ Threat Intelligence and Interdiction team as a strategic analyst, which in his words, “looks at the cyber threat landscape from a 30,000-foot view.” A huge part of Finn’s job is writing threat assessments and alerts for intelligence partners, customers, and cyber-attack victims. He’s also a major advocate of public-private partnerships across the cybersecurity ecosystem.

So, it’s fitting that Finn has always had one foot in the public sphere even while transitioning to work in the private sector.

Finn started his cybersecurity career as the Cybersecurity Policy Director for Los Angeles Mayor Eric Garcetti during Garcetti’s second term, working on new intelligence-sharing agreements between L.A. and other major cities with similar security concerns, helping the mayor write cybersecurity-related policies, and advocating for the government to improve its defensive capabilities.

Finn (center) speaking at a panel on behalf of Los Angeles Mayor Eric Garcetti in 2019.

But Finn says he “never expected cybersecurity to be in my long-term plan.”

After receiving his bachelor's degree from the University of California, Los Angeles (UCLA), he attended Reichman University in Herzliya, Israel to receive a master’s in homeland security and counterterrorism, the field he believed he’d make a career of. As part of the curriculum, Finn studied cyberterrorism, which drew him to research how global terrorist organizations use the Internet to advance their operations. He received the offer to advise the mayor in the L.A. Mayor’s Office of Public Safety upon returning home to California.

Finn worked for the Garcetti administration at a time when other major cities like Atlanta were dealing with massive, impactful ransomware attacks. One initiative he led involved working with two of L.A.’s sister cities — Auckland, New Zealand and Guangzhou, China — to establish a multilateral agreement regarding emerging security threats and natural disasters.

Finn (far left) at the signing of an information-sharing agreement between Los Angeles, Auckland, New Zealand and Guangzhou, China in 2019.

“Part of it was devising best practices to protect our communities from major emergencies, which included building mechanisms for information-sharing,” Finn said. “I think this just shows how important cities are in terms of leading the way in security policy and preparation… at the federal government, it’s all about funding and national-level policy, but you don’t actually see how that is implemented at the local level.”

Finn eventually took a job with the U.S. Department of Defense. After years of building expertise in intelligence and national security, he then decided to head into the private sector, applying for a job as a strategic intelligence analyst with Talos.

Today, Finn combs through Talos’ various intelligence sources, open-source research, partner resources, and Cisco product telemetry to track major attacker trends and emerging threats. He has mostly focused on state-sponsored actors and threats stemming from criminal groups.

This research eventually takes the form of public reports, customer alerts, and intelligence that’s shared with Talos’ detection teams to create defensive content for Cisco Secure products. Finn and his team were heavily involved in the creation of Talos’ first-ever Year in Review report, which recapped the major attacker trends in 2022.

Finn brings his public government experience to the role by knowing the importance of information-sharing and what types of security concerns are relevant to practitioners who are tasked with defending municipalities and important public services. But he also had to learn many of the technical skills on the job once he started at Talos — he jokes that he had never opened Terminal on Mac before his first day on the job.

“Everyone at Talos understands that each person comes from different backgrounds with different skills or contributions, and may not have the same level of technical knowledge,” he said. “And now I feel very comfortable using Talos’ different tools to look through datasets such and endpoint logs and other network telemetry.”

Finn still spends a lot of time thinking about the implications of security trends, though, and how that affects the American public.

He recently participated in a pitch competition (think “Shark Tank” but for national security policy) with the Center for a New American Security, a high-profile Washington, D.C. national security think tank. Finn’s idea that he shared with the panel involved a new cybersecurity certification program that private companies could apply for.

Finn’s idea involves a set of standards that private companies could adhere to regarding security measures, verification methods and other cybersecurity protocols used to protect personal information.

“If a company sells a service or product involving storage of sensitive data such as PII [personally identifiable information] or attorney-client privileged information, you as the consumer want to be satisfied that the company is meeting a certain level of standards so they’re less likely get breached,” Finn said. “This certification program is built on the underlying assumption that companies that are profit-driven, will seek to adopt stronger security standards if consumers are demanding it.”

You can watch Finn’s full pitch to the CNAS panel below.

It’s that type of broader thinking and thought leadership that makes Finn a perfect teammate for the Strategic Analysis team. Rather than diving into the nitty-gritty of a tactical malware campaign or a specific botnet, Finn is taking in information from all directions to try and figure out what’s going to be the next big threat or trend in the security landscape. This all goes to show that researchers with a variety of skillsets and professional experiences can contribute to Cisco Talos’ defenses.