Toreon Office | Grotehondstraat 44 1/1 - 2018 Antwerpen | +32 3 369 33 96
Cybersecurity Traineeship Toreon: From Learning Frameworks to Advising Clients
Lowie Macharis
When Lowie started his traineeship, he already had some exposure to cybersecurity concepts through his studies. However, stepping into a consulting role quickly showed him that there was a significant difference between learning about frameworks in theory and applying them in practice.
It’s not the first time I heard of the term during my education, but this was the first time really working with NIS2 and the CyFun framework, which I had no knowledge about and now I’ve really grown into the topic.
Over the course of his seven-month traineeship, Lowie developed both his technical expertise and his confidence, transforming from a newcomer exploring unfamiliar frameworks into a consultant capable of engaging directly with clients and helping organizations navigate cybersecurity challenges.
Understanding the Role of a Cybersecurity Consultant
For Lowie, one of the most defining aspects of the cybersecurity consulting profession is its versatility.
A consultant is a very flexible person who needs to be able to apply their knowledge in very different organizations with a lot of different structures and topics.
Unlike specialists who may focus on a single environment, consultants must adapt their expertise to diverse clients, industries, and challenges. In cybersecurity, this means understanding complex security concepts and translating them into practical solutions that fit each organization’s unique context.
The Project That Made Everything Click
Every learning journey has a breakthrough moment. For Lowie, that moment came while creating a control mapping between ISO 27001, and the CyFun framework.
It was a lot of groundwork, that’s for sure, but it taught me how both frameworks actually work, so I learned a lot out of it.
The project addressed a common client challenge: understanding how multiple frameworks relate to one another and how compliance efforts can be streamlined. Through this work, Lowie gained a deep understanding of the frameworks and their practical application in real-world consulting engagements.
Moving Beyond Checkboxes
Lowie’s graduation project built directly on this experience. His thesis focused on improving how organizations are assessed against the CyFun framework.
Traditionally, these assessments often follow a checklist approach, where controls are simply marked as implemented or not. Lowie saw an opportunity to make the process more meaningful.
We as consultants strongly believe that a risk-based approach is the better way to do it.
By leveraging the control mapping work completed earlier in the traineeship, he developed an approach that starts with an ISO 27001 risk assessment before mapping controls to CyFun. The result is a methodology that not only helps organizations comply with NIS2 requirements but also ensures that cybersecurity efforts are driven by actual business risks.
This project reflects a key consulting principle: compliance should support risk management, not replace it.
Learning from Experts
One of the biggest surprises for Lowie was the depth of expertise he encountered within the company.
Shortly after joining, he participated in a company retreat focused on discussing products and client experiences. The conversations left a lasting impression.
There were a lot of very productive discussions there, which made me realize that there is a lot of expertise in the company, a lot of experience as well.
Being surrounded by experienced professionals created an environment where learning happened every day—not only through formal projects but also through collaboration and discussion.
Growing Confidence Along the Way
While technical growth was an important part of the traineeship, Lowie is especially proud of how much his confidence developed.
If I compare myself to me in the first month, I can say that I grew a lot of confidence.
In the beginning, he frequently relied on colleagues for guidance when responding to client questions. By the end of the programme, he felt comfortable providing answers and engaging with clients independently.
The level of expertise grew and the level of confidence grew with it.
This combination of knowledge and confidence is often what turns a trainee into a trusted consultant.
Advice for Future Trainees
For anyone considering applying to the traineeship, Lowie’s advice is simple:
First of all, I would say: do it.
He believes the programme offers value regardless of your starting point. Whether you already have cybersecurity knowledge or are just beginning to explore the field, the opportunity to learn from experienced professionals and gain practical consulting experience creates a strong foundation for a cybersecurity career.
For both people, it’s very interesting to start your cyber security career, especially because you learn from a lot of experienced people and you learn how to apply your knowledge in the field.
Looking back
After seven months of learning, collaboration, and hands-on experience, Lowie’s traineeship journey demonstrates how quickly growth can happen when curiosity meets opportunity.
From mastering NIS2 and the CyFun framework to developing innovative risk-based assessment approaches and building the confidence to advise clients directly, his story highlights what a traineeship can offer: not just knowledge, but the practical experience and self-assurance needed to thrive as a cybersecurity consultant.
Want to start your cybersecurity journey?
Check out the vacancy for our traineeship trajectories. And who knows, maybe you’ll join our team and learn all there is to know about becoming a cybersecurity expert.