In conflict zones and hostile environments, the gap between cyber and physical security is not an inconvenience. It is a vulnerability that gets people hurt. Jack McKenna has watched organizations spend money on tools, hire service providers, and still miss the threat because nobody in the building had built a relationship across the aisle. NGO security management and humanitarian aid security have never demanded more from practitioners. The organizations doing the most critical work in international development safety are operating with siloed teams, undertrained staff, and a false sense of protection from tools that were never designed to catch the threats they actually face. Duty of care is not just a policy commitment. Understanding how to close that gap is no longer optional. Jack McKenna is President and CEO of Prescient, a tech-enabled digital intelligence, investigation, and risk advisory firm at the intersection of cybersecurity, corporate security, and intelligence. Amaury Cooper, a former Prescient client and NGO security practitioner, leads this conversation from the field perspective, pressing Jack on what organizations can actually do with limited resources in complex environments. Key Takeaways Set up basic social media alerting for your organization name even without a dedicated security team, because unsophisticated monitoring is still better than none. Threat signals online are rarely explicit. Watch for negative sentiment building over time, coded imagery, emoji and GIF usage, and slang terms rather than waiting for a direct statement. NGO security management requires someone with a named responsibility for physical security. If it is not in anyone's job description, it will not get done when it matters. In hostile environments, assume surveillance and work your security posture backward from that assumption. VPNs and Signal help but do not make you safe if a hostile intelligence service is targeting you. Converged tabletop exercises covering both physical and cyber scenarios are one of the most practical tools any humanitarian aid security team can implement right now. Jack McKenna said, "Assume that you're basically broadcasting where you are," on operating in environments with hostile surveillance infrastructure. Jack McKenna said, "The relationship is the biggest word," on what physical security practitioners must build with their IT and cyber counterparts before a crisis hits. Timestamps 00:00 Introduction 01:42 How to assess whether your organization is being threatened 02:48 Setting up basic social media monitoring for NGOs 03:42 Risk assessments and point-in-time chatter reviews 04:07 Cultural nuance, emojis, GIFs, and online threat signals 05:07 AI limitations in detecting coded threats and imagery 06:14 Why bad actors know they are being monitored 06:52 Closed forums and indirect threat communication 07:53 Should cyber and physical security be converged 08:51 Identifying who is responsible for physical security 09:37 Avoiding duplicative security spending 10:10 The fusion cell model and overlapping risk spheres 11:18 How physical security practitioners can learn cyber basics 11:58 Why marketing and comms monitoring is insufficient for security 12:50 Using AI tools to self-educate on cybersecurity 13:36 Stop saying you are not a technical person 14:15 What NGOs in austere environments can do proactively 14:59 Data ownership and backup access in low-connectivity environments 15:45 How personal social media activity creates professional risk 16:23 What security focal points on the ground should watch for 17:12 Treating all unwanted communications as suspicious 17:43 Converged tabletop exercises for physical and cyber scenarios 18:11 Including IT in crisis management and device lockdown protocols 19:02 How tabletops unearth duty of care gaps 19:55 The USB drive scenario and why the NGO sector is uniquely at risk 20:17 Burner phones, wiped devices, and travel to hostile environments 21:10 VPNs, Signal, and their real limitations 21:35 Mobile device management and limiting compromise blast radius 22:32 Which environments carry the highest surveillance risk 23:14 Assuming surveillance regardless of geography 24:00 Location data, marketing IDs, and what hostile states can access 24:38 Operating in extremely hostile environments 25:01 Does a VPN slow things down 25:28 Pearls of wisdom for security focal points in the field 25:58 Build relationships with IT before you need them 27:11 Closing and acknowledgment of the Robert McPherson Fellowship Connect with Jack McKenna LinkedIn: https://www.linkedin.com/in/jack-mckenna-3a301345/ Website: https://www.prescient.com/