This paper examines the four stages of evolution as security organizations move from reactively responding to incidents to proactively identifying and hunting for threats. It provides a snapshot of each stage, including the size and structure of the security team, approaches to incident response (IR), team skill sets and necessary metrics.