A Conversation With Coupang’s Head Of Global Hunting, Oversight And Strategic Triage
In a recent interview with Forrester, Tae Kim, Coupang’s Head of Global Hunting, Oversight and Strategic Triage (GHOST), shared his unique perspective on building a proactive, intelligence-led cybersecurity program. With a background spanning the US Government, a US financial corporation, and an international cybersecurity vendor, Tae brings deep expertise to Coupang’s evolving threat landscape. Here are some of the most insightful takeaways from our conversation.
Forrester (Meng Liu): What is the threat management team, and how does it fit into Coupang’s security organization?
Coupang (Tae Kim): The threat management team is Coupang’s proactive security arm, responsible for threat intelligence, threat hunting, attack simulation, and detection engineering. The team was formed in the middle of 2024, under the guidance of our Chief Information Security Officer to enhance the overall security capability of our organization. We sit alongside the Red Team and work closely with IAM and Blue Team functions. Our mission is to anticipate threats before they materialize and reduce attacker dwell time when incidents occur. Coupang is investing heavily in proactive defense, not just reactive response. The teams have already made significant contributions to security improvements for the company through use of intelligence on potential threat actors.
Meng: What’s the size of Coupang’s Cyber Threat Intelligence (CTI) team today?
Tae Kim: We currently have a number of dedicated CTI analysts within a broader threat management team. We’re growing, with plans to expand regionally, including in Taiwan. The goal is to build a scalable, intelligence-led security model that supports Coupang’s critical role in the region’s digital infrastructure.
Meng: How does Coupang approach threat intelligence differently?
Tae Kim: We see threat intelligence as a strategic function, not just a feed of indicators of compromise (IOCs). Our team leverages commercial vendors to monitor open sources, the dark web, and criminal marketplaces to identify leaked credentials, brand impersonation, and emerging threats. We also prioritize intelligence use cases like vulnerability intelligence, fraud detection, phishing domain takedowns, and strategic actor tracking. Everything is tied back to business risk. For example, a fraudster could try to register a phishing domain that closely mimics Coupang’s e-commerce site. The intent of this domain would be to trick customers into revealing their credentials, enabling account takeovers and fraudulent transactions. This could not only result in direct financial losses but also erode customer trust.
Meng: What’s unique about threat intelligence in the APAC region?
Tae Kim: The challenge of threat Intelligence is often tied to availability of information, and in the APAC region the mechanisms to share information between private and public sectors, especially cross-border collaboration, are still developing. A noteworthy aspect of this region is the presence of strong identity controls, such as Real Name Verification in countries like South Korea and Japan. These policies, which link digital identities to real individuals and central databases, serve as a significant deterrent to domestic cyber fraud. This has led to a pattern where most cyber fraud activities originate from outside the country, underscoring the importance of improving cross-border collaboration. Another observed trend is the limited presence of dedicated CTI teams across the region, especially in industries outside of financial services.
Meng: How does Coupang deal with nation-state threats?
Tae Kim: Nation-state threats, which are cyberattacks and strategic actions carried out by government-sponsored actors to accomplish geopolitical objectives, are persistent and growing, seeking economic or military advantage. They may target commerce services like Coupang to disrupt supply chains or maintain persistence in critical infrastructure. We operate under the assumption that breaches will happen and focus on minimizing impact and dwell time. Threat intelligence helps us understand attacker intent and prioritize defenses accordingly.
Meng: What’s Coupang’s strategy for sourcing threat intelligence feeds?
Tae Kim: We use a mix of various open-source and commercial feeds, such as publicly available information domain or IP reputations, shared malware signatures, and paid proprietary threat intelligence feeds. While our team tries to leverage various free reputational sources of information, return on investment is the main factor that determines what paid information is procured. No single vendor can cover everything, so we evaluate based on For example, we use one vendor for global breach intelligence, another for dark web monitoring, and a third for fraud and abuse intelligence. We also against our intelligence requirements.
Meng: How is AI being used in Coupang’s threat intelligence operations?
Tae Kim: AI and machine learning are already embedded in many of our vendor tools for correlation and attribution. Internally, we use a vendor provided Threat Intelligence Platform (TIP) with built-in AI tools to aggregate and score intelligence. We’re also piloting large language models (LLMs) to process finished intelligence reports—summarizing key points, identifying relevance, and reducing analyst workload. It’s about making intelligence more actionable, faster.
Meng: What are the biggest challenges in building a CTI team in APAC?
Tae Kim: Talent scarcity is a global issue, and the APAC region is no different. In the U.S., a job posting might get 100+ applicants, which often lead to a small number of qualified applicants. In APAC, based on my experience, the total number of applicants is lower, with a similarly limited number of qualified candidates. Most existing CTI roles in the region are either part-time or embedded into other functions. We’re looking for analysts who understand both technical indicators and strategic context—especially those with e-commerce experience with strong technical skills, which requires professional proficiency in English, with understanding of the local environments that require professional proficiency in the respective local languages like Korean, Mandarin, and Japanese. To address the problem, the short-term solution is identifying candidates that may not be a perfect fit, but they are willing to learn on the job. A long-term solution will likely involve governments working with companies establishing entry-level programs, to help start their cybersecurity careers, including in CTI. These efforts are already underway in South Korea, Taiwan, Japan, and others in the region, where they are making more investments in cybersecurity in education and various industries.
What APAC CISOs Can Learn from Coupang
Coupang’s threat intelligence program offers a compelling model for CISOs across South Korea and the broader APAC region. By embedding intelligence into every layer of security—from vulnerability management to fraud detection and nation-state defense—Coupang demonstrates how to build resilience in a rapidly evolving threat landscape.
Key takeaways for other organizations:
- Invest in proactive security: APAC enterprises are using threat intelligence to improve their vulnerability prioritization. Many organizations utilize vulnerability threat intelligence as a factor into their proactive security program. Forrester defines proactive security as a strategic approach to controlling security posture and reducing breaches through strong visibility, prioritization, and remediation. Vendors like VulnCheck and threat research teams at proactive security vendors like Tenable or Rapid7 can provide intelligence on vulnerabilities that are being exploited in the wild and vulnerabilities that have exploit code published. They can also detect chatter on the dark web and in social media about specific common vulnerabilities, exposures, or exploits.
- Tailor intelligence to business risk: Focus on what matters most to your operations. In the case of Coupang, they are tailoring their threat intelligence with a focus on fraud intelligence and brand intelligence to manage ecommerce related business risks like fraud and phishing domains.
- Use AI to scale: Automate where possible such as aggregating intelligence, doing correlation analysis and drafting threat reports, but keep humans in the loop.
- Build regional talent: Develop CTI capabilities locally to close the skills gap.
As digital infrastructure such as ecommerce and financial services becomes more critical, threat intelligence isn’t just a nice-to-have—it’s a strategic imperative. Forrester will soon publish a report on the top threat intelligence trends in APAC, offering deeper regional and industry-specific insights.
If you’d like to dive deeper for APAC threat intelligence questions, set up an inquiry or guidance session with Meng Liu for a conversation. For threat intelligence questions in other regions, you can set up an inquiry or guidance session with Jitin Shabadu.
