1: Learn the phases of the detection content development lifecycle.
2: Learn to set up processes to allow the program to be self-sustaining.
3: Learn to measure the efficacy of your detection content and act on it.
Awareness of security models such as the ATT&CK framework and Cyber Kill Chain. Interest or experience building processes associated with security operations. Understanding of building and refining detection content such as signatures and SIEM correlations will also be valuable.