About EPAM Systems

EPAM Systems provides software engineering services for software development and digital platforms to their customers across the globe. The company provides services in customer experience design, business consulting and technology innovation services. Its engineering solutions include software development, testing and maintenance with private, public and mobile infrastructures through infrastructure management services.

• 280+ Forbes Global 2000 Customers
• 50+Countries & Regions

Challenges:

• Fast cybersecurity team growth and the need to keep up with the latest techniques and technologies
• Traditional training methods not built for the rapidly evolving threat landscape
• Clients requiring industry-recognized training
• Need to cross-train team members to stay sharp and upskill engineers

Solutions:

• A comprehensive, hands-on training program
• Industry-recognized training and certification
• Training platform built for teams 

Benefits:

• Scalable growth: 4 to 70 cybersecurity team members in less than 12 months
• Cutting-edge content: Access to all the latest techniques and technologies
• Faster onboarding: Easy to manage and provision training
• Workforce management: Proven upskilling process for engineers
• Analytics & Support: Extensive management tool suite and metrics, and a support team

Challenges

As demand for their cybersecurity services surged, EPAM Systems experienced rapid team expansion, with their offensive security team growing from a modest 4 members to a formidable force of 70 in just 12 months. Keeping up with this fast-paced growth necessitated not only hiring new talent but also continuously upskilling existing team members. 

Maintaining a highly effective cybersecurity team requires constant cross-training to broaden the skill sets of individual members. However, implementing an efficient and effective cross-training process presented its own set of challenges.

The conventional training approaches also struggled to keep pace with the rapidly evolving threat landscape and traditional classroom-based training and static materials proved insufficient in preparing the team to tackle sophisticated cyber threats effectively.

Furthermore, EPAM’s clients increasingly demanded that the company's team possess industry-recognized certifications to ensure their competence and expertise in dealing with complex security challenges.

Solutions

To address the challenges of fast team growth and the need for continuous learning, EPAM Systems purchased OffSec, a leading cybersecurity learning and skills development provider to implement a comprehensive, hands-on training platform. 

Recognizing the limitations of traditional training methods, EPAM purchased a Learn Enterprise Subscription that gave them complete access to the OffSec Learning Library throughout a full year, as well as to real-world simulated practices in the OffSec Cyber Range.

This approach provided team members with continuous access to the latest training resources and updates, enabling them to stay current with the rapidly changing threat landscape. It also allowed for flexibility in learning, as team members could access training materials at their convenience and revisit them whenever needed.

“We really enjoy the OffSec Learn Enterprise solution as it provides training on the latest threats, while supporting the different learning needs of our team members. .” Vitali Dzemidovich, Service Delivery Manager

In addition, OffSec training incorporates practical exercises, simulations, and real-world scenarios to ensure that team members gained valuable experience and were well-prepared to face complex cybersecurity challenges. For Andrei Dzesiatsik, the Security Testing Manager at EPAM Systems, practical knowledge is one of the most crucial characteristics of a cybersecurity training program, and the OffSec Certified Professional (OSCP) certification provided just that. 

“OffSec’s OSCP certification remains one of the certificates where your expertise is proved by practical application.“

To meet the demands of clients and prove the team's competence, the company opted for industry-recognized certifications for its cybersecurity team. The training program ensured that team members received cutting-edge knowledge and gained credentials that instilled confidence in clients. These certifications validated the team's expertise and provided tangible evidence of their skills and capabilities.

“We had a client, a large financial institution that required a certified team. When we shared that our team members hold an OSCP, this we a big differentiator for us and allowed us to win over the client.” Andrei Dzesiatsik, Security Testing Manager

In addition to the core training program, choosing OffSec allowed them to have access to several supportive measures to enhance their program management and ensure the success of the training initiatives. These measures included:

• Team management & analytics: OffSec offers a comprehensive management tool suite, which allowed EPAM and managers like Andrei and Vitali to monitor the team's progress, track success rates, and generate insightful metrics. These metrics provided valuable insights into individual and team performance, helping identify areas for improvement and optimizing training plans.
• Dedicated support team: OffSec also provides a dedicated support team that offers guidance and assistance throughout the learning program. This support team was available to address any queries, provide technical assistance, and ensure a smooth learning experience for all team members.

Benefits

With OffSec Learn Enterprise, EPAM has achieved scalable growth, seamlessly expanding their offensive security team from the initial 4 members to an impressive 70. Rapid onboarding and upskilling ensured that the team could keep pace with the organization's growth without compromising on the quality and effectiveness of their cybersecurity services.

As one of the key enablers for upskilling was fundamental-level content that helped offensive security practitioners be better at their job by learning defensive skills through SOC content, as well for those involved in web applications. EPAM is able to continuously upskill their team members in all aspects of cybersecurity and keep them up-to-date on the latest skills, techniques and technologies. 

And when it comes to engineers wanting to branch out and upskill to a security role, OffSec also helps the EPAM team. 

“We have an internal assessment procedure where if an engineer wants to level up in his title, he needs to pass certain certifications, and PEN-200 and the OSCP are one of them.” Vitali Dzemidovich, Service Delivery Manager

The Learn Enterprise subscription also allowed Vitali, Andrei and other managers to have a simple provisioning process for training. Through a comprehensive corporate panel, they are able to easily assign seats in their subscriptions, but also track statistics related to training. The metrics offered valuable insights into individual and team performance, facilitating targeted improvements and ensuring that training efforts aligned with organizational goals.

Additionally, the subscription makes budget planning simple as they know exactly what amount they will spend on training at the end of each year, and do not need to think about predicting what number of standalone courses they would need throughout the year.

Conclusion

By overcoming the challenges of fast team growth, dynamic threat landscape, client demands for industry-recognized training, and the need for continuous cross-training, EPAM Systems demonstrated the value of investing in innovative training solutions via OffSec Learn Enterprise.