INSSA Insights

Cyber and Physical Security Convergence for NGOs with Jack McKenna

In conflict zones and hostile environments, the gap between cyber and physical security is not an inconvenience. It is a vulnerability that gets people hurt. Jack McKenna has watched organizations spend money on tools, hire service providers, and still miss the threat because nobody in the building had built a relationship across the aisle.NGO security management and humanitarian aid security have never demanded more from practitioners. The organizations doing the most critical work in international development safety are operating with siloed teams, undertrained staff, and a false sense of protection from tools that were never designed to catch the threats they actually face. Duty of care is not just a policy commitment. Understanding how to close that gap is no longer optional.Jack McKenna is President and CEO of Prescient, a tech-enabled digital intelligence, investigation, and risk advisory firm at the intersection of cybersecurity, corporate security, and intelligence. Amaury Cooper, a former Prescient client and NGO security practitioner, leads this conversation from the field perspective, pressing Jack on what organizations can actually do with limited resources in complex environments.Key TakeawaysSet up basic social media alerting for your organization name even without a dedicated security team, because unsophisticated monitoring is still better than none.Threat signals online are rarely explicit. Watch for negative sentiment building over time, coded imagery, emoji and GIF usage, and slang terms rather than waiting for a direct statement.NGO security management requires someone with a named responsibility for physical security. If it is not in anyone's job description, it will not get done when it matters.In hostile environments, assume surveillance and work your security posture backward from that assumption. VPNs and Signal help but do not make you safe if a hostile intelligence service is targeting you.Converged tabletop exercises covering both physical and cyber scenarios are one of the most practical tools any humanitarian aid security team can implement right now.Jack McKenna said, "Assume that you're basically broadcasting where you are," on operating in environments with hostile surveillance infrastructure.Jack McKenna said, "The relationship is the biggest word," on what physical security practitioners must build with their IT and cyber counterparts before a crisis hits.Timestamps00:00 Introduction01:42 How to assess whether your organization is being threatened02:48 Setting up basic social media monitoring for NGOs03:42 Risk assessments and point-in-time chatter reviews04:07 Cultural nuance, emojis, GIFs, and online threat signals05:07 AI limitations in detecting coded threats and imagery06:14 Why bad actors know they are being monitored06:52 Closed forums and indirect threat communication07:53 Should cyber and physical security be converged08:51 Identifying who is responsible for physical security09:37 Avoiding duplicative security spending10:10 The fusion cell model and overlapping risk spheres11:18 How physical security practitioners can learn cyber basics11:58 Why marketing and comms monitoring is insufficient for security12:50 Using AI tools to self-educate on cybersecurity13:36 Stop saying you are not a technical person14:15 What NGOs in austere environments can do proactively14:59 Data ownership and backup access in low-connectivity environments15:45 How personal social media activity creates professional risk16:23 What security focal points on the ground should watch for17:12 Treating all unwanted communications as suspicious17:43 Converged tabletop exercises for physical and cyber scenarios18:11 Including IT in crisis management and device lockdown protocols19:02 How tabletops unearth duty of care gaps19:55 The USB drive scenario and why the NGO sector is uniquely at risk20:17 Burner phones, wiped devices, and travel to hostile environments21:10 VPNs, Signal, and their real limitations21:35 Mobile device management and limiting compromise blast radius22:32 Which environments carry the highest surveillance risk23:14 Assuming surveillance regardless of geography24:00 Location data, marketing IDs, and what hostile states can access24:38 Operating in extremely hostile environments25:01 Does a VPN slow things down25:28 Pearls of wisdom for security focal points in the field25:58 Build relationships with IT before you need them27:11 Closing and acknowledgment of the Robert McPherson FellowshipConnect with Jack McKennaLinkedIn: https://www.linkedin.com/in/jack-mckenna-3a301345/Website: https://www.prescient.com/

NGO Cybersecurity and Humanitarian Aid Security with Jack McKenna

In conflict zones, a single name in a breached database can be enough for a hostile government to identify and target a local partner. Jack McKenna has seen it happen. This is not a hypothetical. It is the threat landscape NGOs are operating in right now, and most have no idea how exposed they really are.NGO security management and humanitarian aid security have never been more urgent. The organizations doing the most critical work in the world are also the most targeted and the least resourced when it comes to cybersecurity. Understanding where those threats live and what any organization can do about them is no longer optional.Jack McKenna is President and CEO of Prescient, a tech enabled digital intelligence, investigation, and risk advisory firm at the intersection of cybersecurity, corporate security, and intelligence. He also serves on the board of District 4 Labs, a Prescient spinoff building OSINT data products. Amaury Cooper, a former Prescient client himself, sat down with Jack to break down the real threat landscape facing NGOs and international development organizations.Key TakeawaysIn hostile environments, assume your location and communications are visible and work your security posture backward from that assumption.NGOs are among the most targeted organizations in the world and operate with a fraction of the security resources available to corporations.Threat actors have moved off mainstream platforms and into closed Telegram forums and Discord servers where traditional monitoring does not reach.A single name linking a local partner to an international NGO in a breached database can be enough for a hostile government to target them.Least privilege access and data destruction policies are not advanced concepts. They are basic discipline, and most organizations are not doing them.Jack McKenna said, "In many ways they're the most threatened, but they're the most under resourced," referring to NGOs and their cybersecurity posture.Jack McKenna said, "Assume that it could become publicly available someday," on the reality that any data submitted to any platform is potentially exposed.Timestamps00:00 Introduction and welcome01:00 Jack McKenna and Prescient overview02:23 The current threat landscape for NGOs03:56 How threats moved from social media to closed Telegram and Discord forums05:09 Infiltrating closed forums, personas, AI, language, and slang06:36 How investigators identify and track threat actors08:20 Breached government databases and international attribution09:47 Bellingcat, open source intelligence, and what NGOs can learn11:01 The ICRC breach, White Helmets, and real world NGO cases12:39 What NGOs can do, least privilege access and data destruction14:52 How breached data puts local partners in physical danger17:19 AI agents and data access risks18:24 Using breached data to unmask threat actors19:29 District 4 Labs, Bellingcat, and free OSINT support for nonprofitsConnect with Jack McKennaLinkedIn: https://www.linkedin.com/in/jack-mckenna-3a301345/Website: https://www.prescient.com/

Hostage US

Welcome to INSSA Insights, where we explore global security issues. In this episode, "Hostage US," host Amaury Cooper interviews Liz Cathcart, Executive Director of Hostage US, a nonprofit supporting families of Americans taken hostage or wrongfully detained abroad.Liz discusses the organization’s crucial work, including providing free services to families facing emotional and financial strain. She covers three key types of hostage situations and shares strategies for NGOs and families navigating these crises. Liz also highlights the importance of legal frameworks and proactive policies to support employees at risk.Tune in to learn about the invaluable role of Hostage US in offering legal, emotional, and practical support to families in need.TakeawaysTypes of Hostage SituationsStatistics and Notable CasesPreparation and Strategy for NGOsSupport Services by Hostage USResources for Families and ReturneesQuotes"True support begins with emotional care — ensuring families know they are never alone, with a trusted, confidential ally by their side.” -  Liz Cathcart"Reintegration should support both the person and the organization, filling any gaps in available resources."  -  Liz CathcartFeatured in this EpisodeLiz CathcartExecutive Director of Hostage USLinkedIn: https://www.linkedin.com/in/elizabethcathcart/Website:  Support for Hostages, Wrongful Detainees, & Their Families | Hostage USChapters00:00 - Introduction04:31 - The Importance of Emotional Support, Confidentiality, and Financial Challenges06:45 - Hostage US Assists Families with Financial and Legal Challenges12:19 - State-Hostage Taking: Addressing Wrongful Detentions and Negotiations16:31 - Updating Employee Details and Establishing Power of Attorney17:51 - Understanding Power of Attorney and Privacy Act Waiver22:10 - Balancing Family Support with Organizational Responsibilities24:43 - Managing Initial Crisis Communication with Families27:42 - Hostage US Website: A Top Resource for Hostage-Related Issues31:33 - "Rope in a Prayer": A Balanced Perspective on Hostage Situations34:32 - Lily Cathcart Leads Hostage US; Available Resources for Families and NGOs34:42 - Outrohttp://www.heartcastmedia.com

Insurance & NGO Security Risk Management

Welcome to another episode of INSSA Insights. In this episode, we delve into the pivotal role of insurance in NGO security risk management. Experts Lisa Oliveri and Joe Gleeson explore how insurance safeguards international development and humanitarian aid organizations in high-risk areas. From medical emergencies to specialized policies like kidnap ransom coverage, discover how insurance enhances organizational resilience. Uncover the collaboration required between organizations and insurers, the importance of knowledgeable brokers, and ethical considerations.Join us as we provide insights on leveraging insurance for seamless crisis response in challenging environments.TakeawaysSignificance of Insurance in High-Risk ZonesTailoring Insurance for Humanitarian Aid CommunityCollaboration Between Institutions and BrokersQuotes"Insurance anticipates and covers the costs of challenges in international development and humanitarian work.” -  Joe Gleeson“Embrace consultation in times of crisis or security, where even a 'no' can lead to undiscovered paths. - Lisa OliveriFeatured in this EpisodeJoe GleesonDirector for Network Solutions at IntelLinkedin: https://www.linkedin.com/in/joe-gleeson-35644213/Lisa Oliveri, CPP, PCIGlobal Safety and Security Director | Strategic Risk Management Leader | Board MemberLinkedin: https://www.linkedin.com/in/lisamoliveri/Chapters00:00 - Introduction01:37 - Diverse Travel Risk Policies11:02 - Identifying Risks for Tailored Insurance Programs13:48 - Insurance for International Employees18:33 - Key Details for Understanding Insurance20:20 - Resource Requests and Broker Benefits25:11 - Effective Policy Coordination27:08 -  Enhancing Risk Management by Insurers30:16 - The Vital Role of Trusted Brokers33:10 - Ensuring Support Equality36:34 - Conclusionhttp://www.heartcastmedia.com

INSSA-CSD Excellence Awards

Welcome to another episode of INSSA Insights. In this episode, we explore the realm of NGO security and humanitarian aid, focusing on the INSSA-CSD Excellence Awards. Host Amaury Cooper engages with distinguished guests, including Ebe Brons, CEO of the Center For Safety and Development, Rising Star Award recipient Mahmoud Al Iskandarani, and Outstanding Achiever Award winner Emanuely Okongo. The episode highlights the awards' importance, the future of NGO security, and the impactful contributions of rising talents in the field.Join us for an in-depth look at the changing dynamics of humanitarian aid and security risk management.TakeawaysIdentifying and Nurturing Talent for Frontline SecurityFuture of NGO SecurityAttracting Diversity to NGO Security FieldQuotes"To prepare for the fast-approaching future, people must get training, education, and mentoring." - Ebe Brons"We have young people, and it's important to provide them with the necessary skills tailored to our operational environment."- Emmanuely Okongo"More training in humanitarian law is vital. We stay impartial in conflicts to help those in need, a core commitment when joining humanitarian organizations." - Mahmoud Al IskandaraniFeatured in this EpisodeEbe BronsDirector, Centre for Safety and DevelopmentLinkedin: https://www.linkedin.com/in/ebe-brons-63280310/Emmanuely OkongoSecurity and Access Coordinator for Global SurgeLinkedin: https://www.linkedin.com/in/emmanuely-okongo-6b746221a/Mahmoud Al IskandaraniSafety and Security ConsultantLinkedin: https://www.linkedin.com/in/mahmoud-al-iskandarani-995134119/Chapters00:00 - Introduction03:41 - Team Gratitude for the Rising Star Award07:37 - Certification and Skill Recognition in NGO Security09:55 - Enhancing NGO Security Expertise with Travel and Training11:38 - Advocating for Diversity with Tangible Organizational Practices16:16 - The Holistic Mission of NGO Security Professionals17:52 - Avi's Insights: Necessity for Heightened Focus on Humanitarian Law21:19 - Fostering Generosity, Skill Development, and Resolving Global Conflicts24:40 - Conclusionhttp://www.heartcastmedia.com

Key issues facing NGO Security Managers in 2022 and 2023

Welcome to another episode of INSSA Insights. In this show today, We featured Amaury Cooper, Board Member and Treasurer, at INSSA, Joe Gleason, Director at Global Risk Management, and lastly, Ben Longworth, the Director of Security Services at On Call International. In the episode, they discuss the top security challenges facing NGOs in 2023 and beyond. From the impact of climate change on security to geopolitical tensions between major powers like the USA, China, and Russia, we explore a range of issues that are affecting NGOs globally. We also examine the specific challenges faced by NGOs operating in regions such as South Asia, Africa, the Middle East, and Latin America, and the strategies that NGO security managers can use to manage risks in the age of the pandemic. Join us as we delve into the complexities of NGO security management and the resources that can help organizations better navigate these challenges.TakeawaysThe most influential and impactful in managing security for NGOs.Security Challenges faced in South Asia, Africa, and Latin AmericaNGO Strategies for Climate Change and Security IntersectionChallenges Faced by NGOs Operating in UkraineThe pandemic effect and the status around the worldGeopolitical tensions around the worldThe resources that will help NGO security managersQuotes"Geopolitical tensions are rising, and if governments turn to Chinese or Russian aid instead of Western aid, NGOs may face fewer restraints." - Joe"The COVID impact in 2022 is very interesting for NGOs. More on the program side, certainly, of course, we're referencing the risk to employees and personnel. But it's just interesting to see organizations might be able to put that focus back on, and there is a change in focus in a lot of these markets based on what was the strain on the healthcare system." - Ben"In 2023, we'll see major changes in how organizations manage risks unless something changes dramatically." - JoeFeatured in this EpisodeAmaury CooperBoard Member/Treasurer, INSSAhttps://www.linkedin.com/in/amaurycooperJoe GleasonDirector, Global Risk Managementhttps://www.linkedin.com/in/joe-gleason-907a325Benjamin LongworthDirector of Security Services, On Call Internationalhttps://www.linkedin.com/in/ben-longworth-7b200b40Chapters00:00 Introduction01:23 Most influential and impactful in NGO security management04:20 Issues in the South Asia06:20 Security and climate change07:41 Challenges Faced by NGOs Operating in Ukraine12:48 Are we in the post-pandemic15:56 Security threats in Africa19:36 Geopolitical tensions between the USA-China-Russia25:47 A Focus on Tensions in the Middle East28:12 The challenges and flash points in Latin America32:05 Managing Risk in the Age of Pandemic38:22 The lessons learned from the previous years41:45 The NGO Security Management for 2023 and beyond46:36 The resources that will help NGO security managers50:48 ConclusionProduced by Heartcast Mediahttp://www.heartcastmedia.com

Women in NGO Security Management

Welcome to another episode of INSSA Insights. In this show today, we will have a more central topic on our great women in the field of NGO security. We invited Melanie Murphy, the Physical Security Director for Human Rights Watch, Lisa Oliveri, the Director of Global Risk Management, Security, and Operations for National Democratic Institute, and lastly Javeria Malik, the Global Safety and Security Lead at ActionAid/INSSA Chair. They each share their stories of how they started in NGO Security management. They also share the challenges they've faced as women in the sector as these have been male-dominated fields. Moreover, they give some examples where women have some advantages in the field and how these sectors have been shifting towards a female-friendly environment. Lastly, they each give some tips and advice to the audience and give some knowledge about the upcoming challenges the sector will face.Key TakeawaysOur Guests' stories on how they started in the NGO Security SectorThe challenges of our guests as women in the NGO security sectorThe advantages of being a woman in the NGO Security SectorThe shift towards the women-friendly environment in the past decades in the NGO Security sectorAdvice and Tips from our Guests to our fellow AudiencesThe challenges the NGO security sector will face in terms of safety and security in the upcoming yearsQuotes"I can be tough however I prefer that people will see me as an approachable person, working alongside them because security management is about intimate conversations and details with people about their fears and vulnerabilities." - Melanie"We have amazing women that support and make sure we're, diversifying our thoughts and approaches as much as possible." - Lisa"One of the advantages of being a woman in this field is that I don't appear to be a threat and challenge their authority which able me to negotiate our way through various tensions." - JaveriaFeatured in this EpisodeMelanie MurphyPhysical Security Director for Human Rights WatchLinkedin: https://ca.linkedin.com/in/melanie-murphy-she-her-7a25403bWebsite: https://www.hrw.org Lisa OliveriDirector of Global Risk Management, Security, and Operations for National Democratic InstituteLinkedin: https://www.linkedin.com/in/lisamoliveri Profile: https://www.ndi.org/people/Lisa_OliveriJaveria MalikGlobal Safety and Security Lead at ActionAid/INSSA ChairLinkedin: https://za.linkedin.com/in/javmalik Profile/Website: https://inssa.org/javeria-malik Amaury Cooper Board Member /Treasurer, INSSALinkedin: https://www.linkedin.com/in/amaurycooper Profile/Website: https://inssa.org/amaury-t-cooper Words to our SponsorsThank you To the Robert McPherson Fellowship for its generous support and donation, helping to make this podcast possibleChapters00:00 Intro00:53 How Melanie, Lisa, and Jav started in the NGO Security Management06:13 The challenges as a female in the field of NGO security 10:23 The advantages of a woman in the field of NGO security16:40 The changes in the field for women over the decade22:52 Opening up for women in the NGO security sector29:07 Pieces of Advice from our guests to all women who want a career in the NGO security sector 34:09 General challenges that the NGO security sector faces in regards to safety and security41:52 Our guest's summer reading lists44:11 Conclusion

Interview with Robert Macpherson, Col. USMC (Ret), Humanitarian, Author

Key Takeaways:0:00 Intro1:33 Robert shares some of the reasons that made him decide to write his book5:57 Robert talks about some of the similarities between the military, the marine and the International Development Humanitarian Aid sectors9:42 Robert talks about his transition from a marine to being humanitarian worker and how it was for him13:55 Robert talks about the lessons he learned while in the military and the advice he would give to people who want to move from the military space into the NGO space17:57 Robert talks about how it was for him developing protocols and procedures that he had to do in policies for Safety and Security coming from the military21:26 Robert explains if the NGO’s take Safety and Security serious24:46 Robert talks about what he feels the NGOs are still lacking when it comes to safety and security and what they are also excelling at 39:00 Robert talks about the geographic areas that he is most concerned about when it comes to NGO safety and security43:54 Robert talks about what he sees is the future of NGO Safety and Security with all the knowledge that he has about it50:44 Robert talks about the advice he would give to people who are considering a career in the NGO security space Books Mentioned:https://www.robertseamusmacpherson.com/stewards-of-humanity  Shows Mentioned:https://inssa.org/ https://www.un.org/en/ http://www.marines.mil/ http://www.peacecorps.gov/ https://usnwc.edu/ https://www.ncolcoe.army.mil/ http://www.aidforum.org/directory/the-international-ngo-safety-security-association-inssa/ https://www.usaid.gov/who-we-are/organization/bureaus/bureau-humanitarian-assistance https://gisf.ngo/resource/can-you-get-sued-legal-liability-of-international-humanitarian-aid-organisations-towards-their-staff/ Quotes Mentioned:“The greatest enthusiasm from the women and men I associated with on the Marine Corps side is when they dropped into events where they were there to assist the humanitarian community rather than make war.”“Practice leadership by example.”“Always be humble.”“You got to step back and learn how everything works”“By 2050, half of the population, or half of the nation state of Bangladesh is going to be underwater.”“There is never enough.”Guests Social Media Links:Website: https://www.robertseamusmacpherson.com/ LinkedIn: https://www.linkedin.com/in/robertseamusmacpherson/ Email: rsm@robertseamusmacpherson.com Facebook: https://www.facebook.com/robertseamusmacpherson

Interview with Michael O‘Neill, Chair of INSSA

Key Takeaways:0:00 Intro1:10 Michael talks about how he got into the international development and humanitarian aid sector and specifically the NGO security space3:49 Michael shares an incident that occurred in his career in international development and how it influenced his path to NGO security9:30 Michael explains if the way that NGOs practice security management has matured or if it’s still languishing12:31 Michael talks about what differentiates the security management in the NGO sector from other sectors 15:25 Michael talks about the current state of security management around the world, within the NGO community and how mature it is 18:31 Michael talks about the acceptance of the importance of security risk management in the NGO sector both nonprofits and for-profit22:51 Michael talks about the importance of having information analysis and analysts and how it will help security risk management mature 26:13 Michael explains if organizations are integrating the security risk management personnel with analysts and implementers in the program designs 28:55 Michael talks about the study they did on acceptance, the core principles of acceptance, and what organizations should do to implement acceptance 31:46 Michael talks more about the acceptance model that they did during their study and the people that they did it with 39:06 Michael talks about World Humanitarian Day and the significance it has on the NGO’s security or humanitarian security42:55 Michael talks about the current biggest threats to aid workers in terms of security operations and what they should do47:09 Michael shares his thought on the future threats that might impact the security operations of the security agencies 49:21 Michael talks about the most important lessons that he has learned over the course of his career in NGO security management54:13 Michael shares some of the resources that he feels are essential for people who are interested in NGO security risk management 56:07 Michael talks about INSSA, what it is and what was the force or the need that led to the formation of INSSA and its initiatives 1:04:42 Michael talks about the future of INSSA and where he is hoping to see it go 1:05:47 Michael talks about where he sees the NGO security sector going as a wholeBooks Mentioned: Operational Security Management in Violent Environments: https://books.google.com/books/about/Operational_Security_Management_in_Viole.html?id=Bb6FAAAACAAJ&source=kp_book_description Never Split the Difference: https://www.goodreads.com/book/show/26156469-never-split-the-difference Player Piano: https://www.goodreads.com/book/show/9597.Player_Piano Shows Mentioned:http://acceptanceresearch.org/ Peace Corp: https://www.peacecorps.gov/ GIZ: https://www.giz.de/en/html/index.html Save the Children: https://www.savethechildren.net/ OFDA: https://www.usaid.gov/who-we-are/organization/bureaus/bureau-democracy-conflict-and-humanitarian-assistance/office-us ICRC: https://www.icrc.org/en GPRA: https://obamawhitehouse.archives.gov/omb/mgmt-gpra/index-gpra ISO 31,000: https://www.iso.org/iso-31000-risk-management.html USAID: https://www.usaid.gov/ GISF: https://gisf.ngo/ CRS: https://www.crs.org/ Lockton International: https://www.locktoninternational.com/gb/homepage Quotes Mentioned:“Duty of care is an employer's responsibility to put reasonable measures in place for foreseeable risks.”“Using staff safety as your indicator of success becomes less of a true indicator of effective security risk management as opposed to accessing vulnerable populations in the most complex environments.”“No matter which approach you take to security risk management, it all requires an understanding of the context and identifying and analyzing key stakeholders.”“People with good analytical skills need to be valued.”“Acceptance is as much a programmatic initiative as it is a security risk management initiative, and it works best when it's done together.”“Be propositional; give somebody a possible solution to the problem.”“Build on your assets and be propositional on how to carry forward.”Guests Social Media Links:LinkedIn: https://www.linkedin.com/in/michael-o-neill-a0b36441/ Website: https://www.oneillparagon.solutions/ Company website: https://inssa.org/

Pilot