Inside An E-Commerce Giant’s Threat Intelligence Strategy
I recently sat down with Tae Kim, Coupang’s head of threat management, who shared his unique perspective on building a proactive, intelligence-led cybersecurity program. With a background spanning the US government, a US financial corporation, and an international cybersecurity vendor, Tae brings deep expertise to Coupang’s evolving threat landscape. Here are some of the most insightful takeaways from our conversation.
ML: What’s the threat management team, and how does it fit into Coupang’s security organization?
TK: The threat management team is Coupang’s proactive security arm, responsible for threat intelligence, threat hunting, attack simulation, and detection engineering. The team was formed in the middle of 2024, under the guidance of our chief information security officer, to enhance the overall security capability of our organization. We sit alongside the red team and work closely with identity access management and blue team functions. Our mission is to anticipate threats before they materialize and reduce attacker dwell time when incidents occur. Coupang is investing heavily in proactive defense rather than solely relying on reactive response. The teams have already made significant contributions to security improvements for the company through use of intelligence on potential threat actors.
ML: What’s the size of Coupang’s cyber threat intelligence (CTI) team today?
TK: We currently have a number of dedicated CTI analysts within a broader threat management team. We’re expanding regionally, with plans to grow our presence in Taiwan. The goal is to build a scalable, intelligence-led security model that supports Coupang’s critical role in the region’s digital infrastructure.
ML: How does Coupang approach threat intelligence differently?
TK: We see threat intelligence as a strategic function, not just a feed of indicators of compromise. Our team leverages commercial vendors to monitor open sources, the dark web, and criminal marketplaces to identify leaked credentials, brand impersonation, and emerging threats. We also prioritize intelligence use cases like vulnerability intelligence, fraud detection, phishing domain takedowns, and strategic actor tracking. Everything ties back to business risk: For example, a fraudster might register a phishing domain that closely mimics Coupang’s e-commerce site. The intent of this domain would be to trick customers into revealing their credentials, enabling account takeovers and fraudulent transactions. This could not only result in direct financial losses but also erode customer trust.
ML: What’s unique about threat intelligence in the APAC region?
TK: The challenge of threat intelligence is often tied to availability of information — in the APAC region, the mechanisms to share information between private and public sectors, especially cross-border collaboration, are still developing. A noteworthy aspect of this region is the presence of strong identity controls, such as real name verification in countries like South Korea and Japan. These policies, which link digital identities to real individuals and central databases, serve as a significant deterrent to domestic cyber fraud. As a result, most cyber fraud activities tend to originate outside the country, underscoring the importance of improving cross-border collaboration. Another observed trend is the limited presence of dedicated CTI teams across the region, especially in industries outside of financial services.
ML: How does Coupang deal with nation-state threats?
TK: Nation-state threats, which are cyberattacks and strategic actions carried out by government-sponsored actors to accomplish geopolitical objectives, are persistent and growing, with the aim of seeking economic or military advantage. Attackers may target commerce services like Coupang to disrupt supply chains or maintain persistence in critical infrastructure. We operate under the assumption that breaches will happen and focus on minimizing impact and dwell time. Threat intelligence helps us understand attacker intent and prioritize defenses accordingly.
ML: What’s Coupang’s strategy for sourcing threat intelligence feeds?
TK: We use a mix of various open-source and commercial feeds, such as publicly available information on domain or IP reputations, shared malware signatures, and paid proprietary threat intelligence feeds. While our team tries to leverage various free reputational sources of information, ROI is the main factor that determines what paid information is procured. No single vendor can cover everything, so we use one vendor for global breach intelligence, another for dark web monitoring, and a third for fraud and abuse intelligence.
ML: How is AI being used in Coupang’s threat intelligence operations?
TK: AI and ML are already embedded in many of our vendor tools for correlation and attribution. Internally, we use a vendor-provided threat intelligence platform with built-in AI tools to aggregate and score intelligence. We’re also piloting large language models to process finished intelligence reports and summarize key points, identifying relevance and reducing analyst workload. It’s about making intelligence more actionable, faster.
ML: What are the biggest challenges in building a CTI team in APAC?
TK: Talent scarcity is a global issue, and the APAC region is no different. In the US, a job posting might get over 100 applicants, which often leads to a small number of qualified applicants. In APAC, based on my experience, the total number of applicants is lower, with a similarly limited number of qualified candidates. Most existing CTI roles in the region are either part-time or embedded into other functions. We’re looking for analysts who understand both technical indicators and strategic context — especially those with e-commerce experience and strong technical skills, which requires professional proficiency in English, along with an understanding of local environments, which requires professional proficiency in languages like Korean, Mandarin, and Japanese. The short-term solution is identifying candidates who may not be a perfect fit but are willing to learn on the job. A long-term solution will likely involve governments working with companies establishing entry-level programs and helping people start their cybersecurity careers, including in CTI. These efforts are already underway in South Korea, Taiwan, Japan, and other APAC markets, where more investments are being made in cybersecurity education and various industries.
What Can APAC CISOs Learn From Coupang?
Coupang’s threat intelligence program offers a compelling model for CISOs across South Korea and the broader APAC region. By embedding intelligence into every layer of security — from vulnerability management to fraud detection and nation-state defense — Coupang demonstrates how to build resilience in a rapidly evolving threat landscape.
Key takeaways for other organizations:
- Invest in proactive security. APAC enterprises are using threat intelligence to improve their vulnerability prioritization. Many organizations utilize vulnerability threat intelligence as a factor in their proactive security program. Forrester defines proactive security as a strategic approach to controlling security posture and reducing breaches through strong visibility, prioritization, and remediation. Vendors like VulnCheck and threat research teams at proactive security vendors such as Tenable or Rapid7 can provide intelligence on vulnerabilities that are being exploited in the wild and vulnerabilities that have published exploit code. They can also detect chatter on the dark web and in social media about specific common vulnerabilities, exposures, or exploits.
- Tailor intelligence to business risk. Focus on what matters most to your operations. In the case of Coupang, the firm is tailoring its threat intelligence with a focus on fraud intelligence and brand intelligence to manage e-commerce-related business risks such as fraud and phishing domains.
- Use AI to scale. Automate where possible, such as by aggregating intelligence, performing correlation analysis, and drafting threat reports, but keep humans in the loop.
- Build regional talent. Develop CTI capabilities locally to close the skills gap.
As digital infrastructure becomes more critical, threat intelligence isn’t just a nice-to-have; it’s a strategic imperative. Forrester has published a report on the top threat intelligence trends in APAC, The Top Trends Shaping Threat Intelligence In Asia Pacific, which offers deeper regional- and industry-specific insights.
If you’d like to dive deeper into APAC threat intelligence, set up an inquiry or guidance session with Meng Liu for a conversation. For threat intelligence questions in other regions, you can set up an inquiry or guidance session with Jitin Shabadu.
