How greenhats Turned a High-Stakes Pitch into a Cybersecurity Win with OSCE³

The turning point didn’t start as a success story. It started as a risk.

When the NFL brought its games to Germany, Frankfurt stadium was selected as a host. For events like thist, cybersecurity was not optional. Active defense and incident response were critical.

The NFL needed a local partner, and greenhats was the obvious choice as Eintracht Frankfurt’s partner for cybersecurity prevention.

At that point, greenhats was unknown to the NFL. They had no shared history or prior engagements. They seemed like just another cybersecurity vendor. And on paper, every vendor can look credible.

greenhats had built their company around this exact problem when they started in 2016. As a cybersecurity firm focused on proactive security and education, they combine the mindset of OffSec-certified ethical hackers with real-world leadership experience and a strong focus on how people actually learn and perform.

Because in reality, there’s a gap. Some teams test systems. Others just run tools.

The CTO and co-founder Paul Werther has been in the industry for over 15 years and hold numerous certifications: OSEE, OSED, OSEP, OSCP+, OSWP, OSWE and of course OSCE³! And throughout his experience, he coined a term for those teams that just run tools with no strategy and direction: scammer monkeys.

Teams that scan, paste results into a report, and move on. greenhats was built to be the opposite of that with no shortcuts, blind trust or surface-level answers when training their team

In cybersecurity, it is easy to claim expertise. It is much harder to prove it, especially to organizations that operate at a global level.

The question from the NFL was simple: Can they actually do the job?

greenhats didn’t try to solve that question in the meeting. Paul had already solved it years before, in how he built his team.

Building a team where OSCP is the starting point

At greenhats, OSCP is not a differentiator. It is the minimum requirement to join the pentesting team. From there, engineers progress towards advanced certifications like OSCE³ or OSEE – certifications that Paul holds himself.

Certifications are not just for show. They are the minimum standard, and are used to ensure every team member operates at a defined, technical baseline.

Turning “Try Harder” into a daily operating model

The Try Harder mindset is not theoretical. It is enforced through how the team trains.

When Paul encounters a complex vulnerability during a client engagement, he rebuilds it to be solved internally with no documentation and no hints. The team is dropped into the problem and expected to solve it the same way.

That means failing first, sitting with the problem, and thinking beyond the obvious path. That’s the difference - the behavior is what gets trained, not just the outcome.

Cross-training red and blue teams

greenhats does not separate offensive and defensive thinking. Their SOC team trains on offensive content, like OSCP. Their pentesters work with defensive scenarios.

This creates operators who understand both sides of the attack chain. A defender who knows how attackers think and an attacker who understands real environments.

That combination changes how problems are approached and solved.

Deliberate progression, not certification stacking

After completing the OSCP, team members are not rushed into the next certification. They are pushed into real engagements.

They learn how to communicate findings, work with clients, and operate under pressure before moving into advanced training.

The goal is not more certifications. It is deeper capability.

Then came the moment where all of this showed up.

The moment the conversation changed

When the NFL team got their hands on Paul’s profile, something unexpected happened.

They didn’t ask for more proof or challenge the team’s approach. They hadn’t even started the evaluation process. They saw OSCE³, and the conversation shifted.

From: “Are they capable?”

To: “When can they start?”

The technical validation phase, and even the whole pitch, disappeared. It was no longer a sales conversation, but a decision made on the spot.

From unknown vendor to trusted partner in minutes

greenhats went from being an unknown local provider to a trusted partner for a live NFL event, with OffSec as their stamp of approval, and a clear signal that translated instantly.

A team that performs when it matters

That credibility only works if the team can back it up, and greenhats could.

Because their training mirrors real conditions. Their team is used to operating without guidance, adapting when things fail, and solving problems under pressure.

They don’t rely on tools: they understand the techniques behind them.

Stronger outcomes through cross-team capability

The overlap between red and blue team training showed up in execution.

Defensive scenarios were handled with an attacker mindset. Offensive testing accounted for real-world constraints. That depth is what clients actually experience during engagements.

Faster decisions, stronger positioning

greenhats doesn’t compete on price.

They walk into conversations with:

• Immediate trust
• Clear differentiation
• Proven capability

And they leave with decisions made faster.

greenhats didn’t choose OffSec for certifications. They chose it for what those certifications do when it matters.

Certifications like OSCP and OSCE³ signal capability in a way that’s immediately understood, especially by global organizations. There’s no need to over-explain, no need to prove the basics, no need to walk through every technical detail just to build trust.

That changes the dynamic of the conversation. Validation happens faster, technical back-and-forth disappears, and decisions get made earlier. What would normally be a long evaluation process becomes a much shorter path to “let’s get started.”

That is what turned a high-stakes NFL conversation from a pitch into a done deal.