Cyber and Physical Security Convergence for NGOs with Jack McKenna

In conflict zones and hostile environments, the gap between cyber and physical security is not an inconvenience. It is a vulnerability that gets people hurt. Jack McKenna has watched organizations spend money on tools, hire service providers, and still miss the threat because nobody in the building had built a relationship across the aisle.NGO security management and humanitarian aid security have never demanded more from practitioners. The organizations doing the most critical work in international development safety are operating with siloed teams, undertrained staff, and a false sense of protection from tools that were never designed to catch the threats they actually face. Duty of care is not just a policy commitment. Understanding how to close that gap is no longer optional.Jack McKenna is President and CEO of Prescient, a tech-enabled digital intelligence, investigation, and risk advisory firm at the intersection of cybersecurity, corporate security, and intelligence. Amaury Cooper, a former Prescient client and NGO security practitioner, leads this conversation from the field perspective, pressing Jack on what organizations can actually do with limited resources in complex environments.Key TakeawaysSet up basic social media alerting for your organization name even without a dedicated security team, because unsophisticated monitoring is still better than none.Threat signals online are rarely explicit. Watch for negative sentiment building over time, coded imagery, emoji and GIF usage, and slang terms rather than waiting for a direct statement.NGO security management requires someone with a named responsibility for physical security. If it is not in anyone's job description, it will not get done when it matters.In hostile environments, assume surveillance and work your security posture backward from that assumption. VPNs and Signal help but do not make you safe if a hostile intelligence service is targeting you.Converged tabletop exercises covering both physical and cyber scenarios are one of the most practical tools any humanitarian aid security team can implement right now.Jack McKenna said, "Assume that you're basically broadcasting where you are," on operating in environments with hostile surveillance infrastructure.Jack McKenna said, "The relationship is the biggest word," on what physical security practitioners must build with their IT and cyber counterparts before a crisis hits.Timestamps00:00 Introduction01:42 How to assess whether your organization is being threatened02:48 Setting up basic social media monitoring for NGOs03:42 Risk assessments and point-in-time chatter reviews04:07 Cultural nuance, emojis, GIFs, and online threat signals05:07 AI limitations in detecting coded threats and imagery06:14 Why bad actors know they are being monitored06:52 Closed forums and indirect threat communication07:53 Should cyber and physical security be converged08:51 Identifying who is responsible for physical security09:37 Avoiding duplicative security spending10:10 The fusion cell model and overlapping risk spheres11:18 How physical security practitioners can learn cyber basics11:58 Why marketing and comms monitoring is insufficient for security12:50 Using AI tools to self-educate on cybersecurity13:36 Stop saying you are not a technical person14:15 What NGOs in austere environments can do proactively14:59 Data ownership and backup access in low-connectivity environments15:45 How personal social media activity creates professional risk16:23 What security focal points on the ground should watch for17:12 Treating all unwanted communications as suspicious17:43 Converged tabletop exercises for physical and cyber scenarios18:11 Including IT in crisis management and device lockdown protocols19:02 How tabletops unearth duty of care gaps19:55 The USB drive scenario and why the NGO sector is uniquely at risk20:17 Burner phones, wiped devices, and travel to hostile environments21:10 VPNs, Signal, and their real limitations21:35 Mobile device management and limiting compromise blast radius22:32 Which environments carry the highest surveillance risk23:14 Assuming surveillance regardless of geography24:00 Location data, marketing IDs, and what hostile states can access24:38 Operating in extremely hostile environments25:01 Does a VPN slow things down25:28 Pearls of wisdom for security focal points in the field25:58 Build relationships with IT before you need them27:11 Closing and acknowledgment of the Robert McPherson FellowshipConnect with Jack McKennaLinkedIn: https://www.linkedin.com/in/jack-mckenna-3a301345/Website: https://www.prescient.com/