Hahaha!

That's a wide field my friend!

In my job as a consultant it always begins with an assessment of the existing environment.

Maybe some basics like prevention & detection methods could be a starting point in some cases others require more groundwork like setting up a well functioning backup & recovery system others might lack in processes & methods and there is work required to setup things like an change management process, ticket system, service catalog or an cmdb (configuration management database).

You see all this highly depends on the so called maturity of an environment. More mature environments might be looking for the right control framework to do their due diligence or comply with regulatory requirements. Others might be looking towards an ISO 27001 certification or they need to up their availability standards and you end up tailoring their business continuity plan.

More or less this is the same with the skillset/learning goals you might be looking for.

Inb4 I already was thinking about a little series of posts addressing the basics needed in IT operations to establish an ITSM (IT service management "system") which IT security aspects actually are a part of in most organizations.

Cheers!
Lucky