Theori CEO Se-jun Park: "Aiming for Nasdaq Listing Within 7 Years... Realizing a Safer World Through Technology"

[Financial News] "From the beginning, our goal after securing investment was to list on the Nasdaq Stock Market (Nasdaq) within 7 to 10 years. It has now been three years since we received investment, so we will continue to steadily build up the necessary indicators for listing in the remaining period."
On the 1st, during an interview at Theori's headquarters in Gangnam-gu, Seoul, CEO Se-jun Park stated, "I want to leave a mark such that, if we imagine a parallel universe, people would say the world I am in is safer than the alternative. Theori's vision is 'making the world safer through technology.'"
Theori is a cybersecurity company co-founded in 2016 by CEO Park, an alumnus of Carnegie Mellon University (CMU), and Chief Technology Officer (CTO) Andrew Wesie. The company is composed mainly of white-hat hackers who have achieved outstanding results at international hacking competitions, including DEF CON. Theori provides security consulting to global companies such as Google, Microsoft, Naver Corporation, and Samsung Electronics. The company has attracted cumulative investments totaling 23 billion KRW and is recognized for its technological prowess in attacker-oriented security based on artificial intelligence (AI).
Park explained, "A project in the United States to verify next-generation security techniques for a global company was a turning point for Theori. We were asked to attack and see if the new security method could actually be breached. At first, the defenses were so robust that we failed repeatedly. However, through persistence and determination, we eventually found a workaround, which gave us the confidence that our team could validate even the world’s best technologies."
The founding of Theori stemmed from Park’s awareness of problems in the compensation structure. While in college, he successfully completed a major security project at Lockheed Martin, a U.S. defense contractor, but the only rewards he received were a certificate and standard pay. Park recalled, "I realized that even if you make a key contribution, it’s hard to expect fair compensation as an intern. This naturally led me to want to create a company where rewards for achievements are transparently distributed among team members."
Recently, Theori has been focusing on its AI hacker, Xint. Xint is an AI-based security solution that has learned attack scenarios and techniques accumulated by white-hat hackers. Its strength lies in its ability to inspect large-scale systems with high accuracy in a short period of time.
Park emphasized, "Every time code changes or systems age, vulnerabilities must be continuously found and fixed to ensure safety. But with only existing manpower and budgets, there are limits. In today’s world, where AI-driven hacking is rampant, Xint can proactively detect even unknown attack methods and vulnerabilities." He added, "Xint uses multiple agents to cross-verify results and directly executes proof-of-concept exploit code, which greatly reduces false positives and hallucinations."
Regarding the recent series of domestic hacking incidents, Park diagnosed, "It’s not that the absolute number of incidents has suddenly surged, but rather that incidents now occur in services directly connected to people’s daily lives, making them much more visible." He noted, "Since COVID-19, digitalization and remote work have accelerated, expanding the attack surface. Now, instead of targeting specific companies directly, it has become common to hack external solutions or service providers used by those companies to hit multiple targets at once." Park particularly criticized, "Many recent incidents are essentially the result of basic security issues that everyone knew about but postponed addressing, now coming back all at once like debts with added interest."
Park said, "In the United States, when an incident occurs, you have to consider punitive fines, class-action lawsuits, and even stock price shocks. As a result, security naturally becomes central to risk management in business operations. In contrast, in Korea, fines are generally low, so it’s actually rational to view them as just 'a penalty you’ll get hit with someday.' Security is often the first area to be cut when reducing budgets."
While Park agreed with the overall direction of the government’s comprehensive cybersecurity measures, he suggested, "Without realistic planning, such policies could end up as mere number-driven initiatives." Regarding the annual goal of training 500 white-hat hackers, he said, "We need to consider what level of talent is being referred to and how many real mentors are available to teach them." He continued, "There are few experts who have actually conducted real-world attacks, and poor compensation leads to repeated departures from the security field. Appropriate rewards and career path planning must go hand in hand."
He also pointed to the urgent need to revise the Act on Promotion of Information and Communications Network Utilization and Information Protection (ICNA), saying, "The original intent was excellent, but now it has become a shackle. In an environment where even well-intentioned vulnerability reports result in legal liability, Bug Bounty Programs or vulnerability disclosure initiatives cannot grow, and opportunities for hands-on experience in the field disappear."
psh@fnnews.com Seong-hyun Park Reporter