In the current state of the art of network defense, a CSA must overcome the attacker’s asymmetric advantage. Proactive application of defenses puts the attacker and defender on equal footing. In order to generate effective defense plans, it is vital to characterize available defenses. Configurations generated based on these characterizations maximize security while minimizing impact on missioncritical resources. The C2PD program, as illustrated in Figure 3. C2PD Technical Scope, generates these configurations and provides them to a CSA for human-in-the-loop decision making. The selected defense configuration is automatically deployed on the network via the C2PD framework. C2PD advances the state of the art of network defense by greatly decreasing the time required to develop a defensive posture as well as increasing the effectiveness of these postures.