Coyote's Rules For Information Security Teams

Mar 2025

I was revisiting Gen. Peter J. Schoomaker "Coyote's Rules" (page 13 of the PDF), and I thought it would be great to create a set of equally impactful rules for information security teams. I'm nowhere near the same level as Gen. Schoomaker, but I believe I did a solid job with the rules below.

Coyote's Rules for a "Special Operations" Information Security Team

  1. Stay Small, Move Fast
    Be agile, adaptive, and decisive. Bureaucracy kills speed; execute with precision, delegate decisions, and empower team members to solve problems at the edge.
  2. Think Like an Adversary
    Anticipate threats, red team everything, and always stay one step ahead.
  3. Win Through Influence, Not Mandates
    Security succeeds when it’s embedded, not imposed. Make security easy and essential, not an obstacle. Good security integrates seamlessly into operations.
  4. Simple is Secure
    Complexity creates risk. Solve problems with the simplest, most effective approach.
  5. Never Fight the Last War
    Threats evolve. Challenge assumptions, innovate constantly, and stay ahead of the game.