An effective defense-in-depth in cyber security applies multiple layers of defense throughout a system. The goalis to defend a system against cyber-attack using severalindependent methods. Therefore, a cyber-attack that is able to penetrate one layer of defense may be unsuccessful in other layers. Common layers of cyber defense include: attack avoidance, prevention, detection, survivability and recovery. It follows that in security-conscious organizations, the cyber security investment portfolio is divided into different layers of defense. For instance, a two-way division is agility and recovery. Cyber agility pursues attack avoidance techniques such that cyber-attacks are rendered as ineffective, whereas cyber recovery seeks to fight-through successful attacks. We show that even when the primary focus is on the agility of a system, recovery should be an essential point during implementation because the frequency of attacks will degrade the system and a quick and fast recovery is necessary. However, there is not yet an optimum mechanism to allocate limited cyber security resourcesinto the different layers. We propose an approach using theMarkov Decision Process (MDP) framework for resourcesallocation between the two end layers: agility and recovery.