Toreon Office | Grotehondstraat 44 1/1 - 2018 Antwerpen | +32 3 369 33 96
Cybersecurity Traineeship Toreon: Building Confidence Through Impact
Rune Daman
When Rune started his traineeship, technical knowledge wasn’t his biggest challenge. Like many people entering a consulting role for the first time, it was confidence.
Client meetings felt intimidating, and speaking up wasn’t always easy. While he had the foundational knowledge, he wasn’t yet convinced that his own advice carried enough weight.
Since day one, when I started, I felt quite insecure. I wasn't that talkative with client meetings. I wasn't that confident that what I was saying was right.
Over the following months, that gradually changed. With guidance from senior consultants, increasing responsibility, and hands-on project experience, Rune evolved into a consultant capable of leading assessments and independently contributing to client engagements.
Right now, I'm doing assessments on my own, I'm doing parts of projects on my own, so that confidence grew a lot thanks to the traineeship.
Helping Organizations Improve Their Security
Cybersecurity consulting covers a broad range of disciplines, but Rune’s focus lies within Governance, Risk, and Compliance (GRC).
For him, the role is ultimately about helping organizations become more resilient.
For me, it's mostly delivering impact at a client based on their security posture, helping them mature their security posture, helping them grow their defenses against cyber attacks.
Through activities such as ISO 27001 implementations and NIS2 readiness projects, GRC consultants help organizations build the structures, processes, and governance needed to manage security risks effectively.
A Journey of Continuous Learning
Unlike some trainees who can point to a single breakthrough moment, Rune’s learning experience was cumulative.
Every project, task, and client interaction added another piece to the puzzle.
It wasn't necessarily a single project or a single thing during the traineeship, but rather the entire traineeship itself.
Over time, the individual lessons began to connect.
Project after project, task after task, made things become clear, made things click for me. And then at the end, it finally all fell together.
His experience highlights one of the strengths of the traineeship: growth doesn’t happen through one defining moment, but through consistent exposure to real-world challenges and opportunities.
Rethinking Security Awareness
For his graduation presentation, Rune chose a topic that combined his previous experience with a challenge he sees in today’s cybersecurity landscape: security awareness.
Before joining the traineeship, he already had hands-on experience developing phishing simulations and supporting awareness campaigns as a student.
When I was a student, I had a student job writing phishing emails, helping set up awareness campaigns.
That background sparked his curiosity about whether traditional awareness programmes are still effective.
His research led him to a clear conclusion.
The key things I take away from my research that I've done are that current awareness trainings fall short and that innovation is needed.
More importantly, the topic isn’t staying theoretical. Rune is now helping develop innovative approaches within the company that aim to address these shortcomings and make awareness programmes more effective.
Responsibility from Day One
One of the biggest surprises during the traineeship was how quickly responsibility was entrusted to him.
Like many new starters, Rune expected to spend a long time observing senior colleagues before taking on significant client-facing work. Instead, he found himself contributing independently much sooner than anticipated.
You follow senior consultants first, and then you get to do things alone quite quickly.
Within less than a year, he was already leading assessments and independently managing parts of client projects.
I'm doing assessments as a lead consultant, I'm doing parts of projects alone because senior consultants have confidence in me. And I did not expect it to go that quickly.
That balance between support and responsibility proved to be one of the most valuable aspects of the programme.
Making a Real Difference
When reflecting on his proudest achievement, Rune doesn’t point to a specific project deliverable or technical accomplishment.
Instead, he focuses on the impact his work has had on clients.
Most proud of the impact I've delivered already.
For him, the most rewarding moments come when clients act on his recommendations and use them to improve their security posture.
Hearing a client say, ‘Yes, I'm happy with this,’ or ‘Yes, we need to increase certain things,’ learning that they take my advice to heart—that's something that I'm most proud of.
Those moments serve as a reminder that cybersecurity consulting is ultimately about helping organizations make meaningful improvements.
Advice for Future Trainees
Rune’s message to anyone considering the traineeship is straightforward:
I would tell them to go for it.
What stands out most in his reflection is the supportive environment created by colleagues and mentors.
They teach you, they are patient with you, they let you make mistakes and help you grow.
For aspiring consultants, that combination of guidance, trust, and practical experience creates an ideal environment to develop both professionally and personally.
Looking Back
After eight to nine months in the traineeship, Rune’s journey demonstrates how quickly growth can happen when responsibility is combined with strong mentorship.
From entering the programme with uncertainty to leading assessments, advising clients, and contributing to innovation in security awareness, he has developed both the expertise and confidence required to make a real impact.
His experience shows that becoming a consultant is not just about learning frameworks and methodologies—it’s about learning to trust your knowledge, deliver value to clients, and continuously grow with every project you take on.
Want to start your cybersecurity journey?
Check out the vacancy for our traineeship trajectories. And who knows, maybe you’ll join our team and learn all there is to know about becoming a cybersecurity expert.