network connections, etc. before a threat escalates. This intermediate stage can encompass the second stage of the CISA maturity model, in which “automation is introduced,” according to Candillo.