Portfolio
Hello! I'm Nienke Fokma alias Nina Barzh, a passionate IT professional with some expertise in software development, security, systems engineering, and data analysis.
This portfolio is a curated collection of my recent projects, skills, and accomplishments, reflecting my dedication to solving complex problems.
With 40+ years of experience in the IT industry in various roles and always learning, I have honed my abilities in facilitation, teaching, and research. My work spans across web development, network security, AI/ML, etc.
I thrive in dynamic environments that challenge me to think critically and creatively.
Collaboration and communication are at the heart of my work, ensuring that I align technical solutions with human and organisational objectives. I am always excited to take on new challenges and collaborate on impactful projects of NGO's and small businesses.
If you’re interested in my work or would like to discuss how I can contribute to your team, feel free to contact me, or reach out to me via LinkedIn.
Teaching
The Montessori philosophy offers a holistic approach to education that recognizes the innate potential and dignity of every individual. The autonomy, self-directed learning, and respect for the individual are principles which have far-reaching implications beyond traditional educational settings.
Experiential Learning Theory, developed by David A. Kolb, is a widely recognized and influential framework that describes how people learn through experience. People can use hands-on learning processes for all forms of learning, development, and change.
Digital defence @home
This project is about understanding the landscape and securing @home (and @smallorganisational) contexts as good as we can ourselves. The approach is to pick the raisins out of the commercial porridge. What makes sense in our respective contexts?
IPA Project
A project, together with Meltem Arikan, sponsored by /ut7 for supporting Intimate Partner Abuse survivors in various (digital) ways.
Facilitation
Facilitation is the craft of guiding a group or individual through a participatory process that makes it easier to achieve their goals.
Systems thinking
Systems thinking expands the range of choices available for solving a problem by broadening our thinking and helping us phrase problems in new and other ways. The principles of systems thinking can make us aware that there are no flawless solutions and that the choices we make will have an impact on other parts of the system. By anticipating the impact of trade-offs, we can minimize the impacts or even use them to our advantage. As a result, systems thinking allows us to make better informed and less damaging choices.
Systems thinking, in particular causal loop diagrams can be used to tell compelling stories describing how a system works.
Retrospectives
Retrospectives are popular in the team-working world of the Lean and Agile community. The technique was inspired by the work of Virginia Satir. She developed a technique called the Daily Temperature Reading for keeping relationships healthy and happy. Reflecting on what has happened in the past (first the positive and then the negative) and then figuring out what to do in the future to improve. And with a bit of creativity it can be made fun and enjoyable to do.
Looking forward
Scenario planning originated in the U.S. military for making strategic decisions, to plan and prepare for various possible futures. Today, scenario planning is used by all kinds of organisations world-wide. Adding obliviousness and congruence awarenesses to scenario planning choreographies make it a more balanced experience and suitable for planning deductive and inductive paths to possible futures.
Software development
Software Development is the process of designing, creating, testing, and maintaining computer programs and applications.
C and C++
C and C++ are used for high performance and low-level control. It is suited for backend systems, computationally intensive processes, and applications that require precise memory control. Been there, done that in the stone age of computer science. At the moment not much to show, but for some snippets.
Python
Python is simple, versatile, and readable, and often used for web development, data analysis, and AI. It is perfect for frontend scripts, prototyping, data manipulation, and creating user-friendly APIs for C++-based backend systems.
A lot of frameworks (25+) have been developed for Python, providing a structure for the code and a set of tools and features that streamline the development process. Examples are Flask and FastAPI.
Python frameworks
Flask is a lightweight micro-framework used to quickly build simple web applications. It includes support for Jinja templates (a way to reuse HTML code), request handling, and application signaling.
FastAPI’s only purpose is to build backend APIs. There must also be a frontend framework to display the site to users. The framework is incredibly easy to work with, and it is even possible to deploy an app with FastAPI through Kinsta and a GitHub repo in minutes.
AI
Artificial Intelligence (AI) is undoubtedly revolutionizing numerous fields, from healthcare and finance to transportation and entertainment. Its potential to enhance efficiency, solve complex problems, and drive innovation is enormous. So is its energy use.
The rapid advancement and integration of AI into society also raises significant ethical, social, and technical concerns that warrant critical examination.
Exploring the various AI techniques can support such research.
Security
Threat modelling
Threat modeling is the process of using hypothetical scenarios, system diagrams, and testing to help secure systems and data.
Deanonymisation refers to the process of reversing the anonymisation of data, thereby revealing the identity of individuals who were previously anonymous. This practice has significant implications for privacy, security, and ethics, particularly in an era where vast amounts of data are collected, shared, and analyzed.
Pentesting
A vulnerability assessment focuses on scanning hosts for vulnerabilities as individual entities. Penetration tests might start by scanning for vulnerabilities just as a regular vulnerability assessment but pentesting gives more information on how an attacker can chain vulnerabilities to achieve specific goals.
During pentesting, focus remains on identifying vulnerabilities and establishing measures to protect the network, but it also considers the network as a whole ecosystem and how an attacker could profit from interactions between its components.
Red teaming
Red teaming is a term borrowed from the military. In military exercises, the red team simulates attack techniques to test the reaction capabilities of a defending blue team against known adversary strategies.
In cybersecurity, the red team emulates a real threat actor's Tactics, Techniques and Procedures (TTPs) for measuring how well the blue team responds and to test any security controls in place. Usually the blue team is made up of members of a security incident response team (SIRT) and/or security operations team (SOC), but in a small organisation can consist of the systems administrator with interested parties.
Red teaming does not replace penetration testing. It complements it by focusing on detection and response rather than prevention. Red teaming improves penetration testing by taking into account more attack surfaces:
Technical Infrastructure: Like in a regular penetration test, a red team will try to uncover technical vulnerabilities, with a much higher emphasis on stealth and evasion.
Social Engineering: Targeting people through phishing campaigns, phone calls or social media to trick them into revealing information that should remain private.
Physical Intrusion: Using techniques like lockpicking, RFID cloning, exploiting weaknesses in electronic access control devices to access restricted areas of facilities.
Purple teaming
The scope and goals for purple team operations are very similar to the operations defined for a red team. The main difference is that focus lies on transparency and collaboration between red, blue, engineering, and management teams.
If attacks succeed and are not caught, detections are fixed and implemented, and attacks are run again right away–until there is a measurable improvement.
Systems engineering
Systems engineering uses systems thinking principles to organize the design, integration, and management of a complex system over its life cycle.
DevOps
The DevOps pipeline is the heart of modern software development. It facilitates communication and workflows between development and operations teams, allowing organizations to plan, develop, test, and deploy applications quickly and accurately.
DevOps automation tools allow teams to significantly enhance both the speed and reliability of existing processes—and apply them globally for scalable growth.
Infrastructure as code
No size fits all, but in general, configuration and management of infrastructures requires manually provisioning physical and virtual servers, setting up IP addresses, subnets, routers, switches and firewalls, installation of operating systems, and installation, configuration, updating of software, like databases, web servers, and making backups, and recovering from disasters when needed.
For disaster recovery it requires having some backup infrastructure on standby, and having clear written procedures for if and when a component or the entire infrastructure goes down for whatever reason.
Once set up, Infrastructure as code (IaC) reduces the amount of manual work, the risk of errors, and makes the infrastructure scalable, version-able, and repeatable.
Head in the clouds
Virtualisation technology in the cloud has become a huge resource to leverage, as it promises high availability and access to resources from anywhere. From individuals, enterprises to large conglomerates, nearly everyone is migrating towards the cloud. With this come often unseen threats because cloud environments are different from the traditional infrastructure.
On-premises IaC
With on-premises, the code will configure servers, network devices, storage and software located on your premises. “Premises” can mean physical infrastructure in a premises owned by an organisation or rented in a data centre like Hetzner. IaC tools like Ansible, Chef and Puppet can be used (and others can be configured to do so) to manage and provision infrastructure on physical servers or virtual machines.
The main advantage of using on-premises clouds for IaC and code in general is that it allows complete control. This complete control can be useful (understatement) for security and compliance requirements that call for data sovereignty.
