Portfolio
I am Nienke Fokma (aka Nina Barzh). I design and build practical solutions for digital safety—especially when people are under pressure, at risk, or just trying to make sense of increasingly opaque systems.
What I do
My work bridges technical depth with organisational insight, across three areas:
Threat modelling & preparation
- Developing attacker-centric models that inform action, not just audit
- Mapping real-world power structures and adversary behaviours, rather than abstract risks
- Facilitating participatory processes—journaling, mapping, and documentation that support reflective learning and team alignment
Security infrastructure & organisational integration
- Supporting teams in implementing and adapting SIEM stacks for local, context-aware threat visibility
- Advising on security culture and process integration—embedding practical security practices that fit how teams actually work
- Designing self-hosted, libre tool–based solutions to ensure long-term autonomy and resilience
Facilitated learning & capacity building
- Designing experiential workshops using roleplay, modelling, and storytelling to build shared understanding
- Leading open lab formats for multidisciplinary teams and coalitions
- Prioritising learning-by-doing—always adapted to context, never one-size-fits-all
I help organisations develop the capacity to understand, adapt, and manage their own digital security— grounded in practice, not theory, and always shaped by the people doing the work.
Example work
PowerOn
PowerOn is a hands-on initiative focused on digital safety in high-risk, real-world settings—especially for shelters, survivors, and frontline support teams. It combines attacker-aware threat modelling with practical, self-hosted security infrastructure and guided workshops. Everything is designed for people without technical backgrounds: no cloud dependencies, no black boxes, and no assumptions. Just working systems that empower teams to detect, respond, and rebuild—on their own terms. Currently under development. Intended launch: January 2026
Privacy greenhouse
The Privacy Greenhouse is a metaphor-driven exploration of how privacy grows—or withers—in our digital environments. It maps how personal data flows, leaks, and mutates through everyday tech, helping individuals and organisations identify threats, understand attacker incentives, and cultivate healthier digital habits. Rooted in slow thinking and participatory threat modelling, the greenhouse offers tools and reflections for building privacy resilience in complex, shifting conditions.
Red wilds
Red is where the gloves come off. It maps the behaviours, tradecraft, and messy realities of determined adversaries—those who persist, escalate, and adapt. Drawing on the metaphor of a digital forest, the site explores lateral movement, privilege escalation, deception, and persistence with the cunning of foxes, raccoons, and other wild things. It is not a red team playbook; it is a survival guide for understanding and disrupting the adversary’s rhythm—without pretending the terrain is tidy or the attackers follow the rules.
Blue beacon
Blue focuses on building trustworthy systems—those that shine light through the fog of complexity and actually hold up under pressure. It deals with defence that is strategic, not just reactive: access control that respects privacy, logging that exposes signals (not noise), and data flows that are clear, auditable, and unclouded. Blue is for teams that want more than compliance—they want clarity, integrity, and the power to intervene before things break.
How I work
- Dutch ZZP (KvK & VAT registered)
- Prefer direct, project-based work with clear outcomes
- Happy to collaborate on public interest tech, safety infrastructure, or field research
- I do not outsource, overpromise, or sell data
I bring my full toolkit and leave you with yours, working.