From trainee to security & risk consultant at Highberg

There are different opinions about the definition of traineeships. For me, a traineeship is a full-fledged job that focuses on gaining job-related work experience, learning, and pushing boundaries. Additionally, as a trainee, you follow a diverse package of courses to broaden your professional knowledge and participate in a program aimed at developing soft skills. I completed my entire 1.5-year traineeship at Highberg. Due to the diversity of work within Highberg, I found this experience to be very educational and enjoyable. I also took various courses and training, earning certifications such as Lean Green Belt and CISM.

What excites me about the company is, on one hand, the diversity of assignments with a strong emphasis on quality and content. The average rating from our clients is consistently above 8. On the other hand, there is more than enough room to develop and implement your own ideas, collaborating with a team of professional colleagues with diverse expertise. The atmosphere is relaxed and informal, and colleagues are always ready to share their expertise. Equally important, there is a significant investment in social activities and teambuilding.

No day looks the same, really. Information security is a form of quality management that affects the entire organization. Therefore, as an advisor, I interact with all layers of organizations at my client sites. This ranges from providing strategic advice to executives to dealing with employees who have reported a security incident or have a specific question. Additionally, I have regular contact moments with Highberg colleagues, focusing on sharing substantive knowledge and exploring and leveraging the market. Highberg operates with a broad spectrum of interesting clients, many of whom are in the public sector. Here's an overview of my assignments.

1. C(ISO) as a service: longside a colleague, we fulfill the roles of CISO and ISO at an insurance company. The organization is too small to hire a full-time CISO, so they choose to have Highberg fill this role for two days a week. The work as an ISO is diverse, ranging from policy development to providing awareness training and advising the management team on risks and necessary measures.
2. Risk management advisor: I work as a risk management advisor at a water board. In this role, I, along with two colleagues, conduct workshops at strategic and tactical levels to identify, classify, and associate mitigating measures with risks. We also write an advice for setting up and ensuring integral risk management within the organization and what is required for this, so that the organization can continue independently.
3. BCM advisor: I'm involved in a Business Continuity Management (BCM) project at a municipality. This includes conducting crisis exercises, performing business impact assessments, and drafting business continuity plans.
4. Lastly, I'm working on smaller projects and activities. For example, I'm collaborating with colleagues to brainstorm about new legislation such as NIS2 and DORA and what proposition Highberg can offer in the market.

The field is dynamic, and I am far from done learning. Therefore, I would like to further broaden my horizons in the coming years. While my current strength lies in the organizational aspect of information security, I want to expand my technical knowledge.