Step 2 – learn to analyze (incidents)

Once you get familiar with SA&O, you can move to the next step. Examining the operations plans for workflows will help you master more complex scenarios.

Here is an example. As phishing attacks are still the number-one entry point for many cyberattacks, learning to examine a suspected phishing email can be useful. Instead of repeating the same steps again and again, you can automate the repetitive actions, such as enriching an event with reputation data from a threat intelligence service, and then insert your staff into the workflow so they can make a close or escalation decision.
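The phishing workflow described above, as an added example that is not part of the original text: the automated steps (parse the suspect message, pull out the sender domain and any URLs, enrich each domain with a reputation score) run without human involvement, and the playbook only hands off to an analyst when the enrichment is ambiguous. The raw message, the `TI_REPUTATION` table (a stand-in for a real threat-intelligence service) and the `AUTO_ESCALATE_AT` / `AUTO_CLOSE_BELOW` thresholds are all constructed here for illustration.

```python
import email
import re
from dataclasses import dataclass, field
from email import policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message standing in for a suspected phishing email
# forwarded to an abuse mailbox (not real data).
SAMPLE_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example-login-portal.test>
To: alice@example.com
Subject: Action required: password expires today
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it here:
http://example-login-portal.test/reset?user=alice
Regards, IT Helpdesk
"""

# Constructed reputation table standing in for a threat-intelligence lookup.
# Scores: 0 = clean, 100 = confirmed malicious, absent = unknown to the feed.
TI_REPUTATION = {
    "example-login-portal.test": 85,
    "example.com": 0,
}

# Assumed decision thresholds; tune them to your own feed's scoring.
AUTO_ESCALATE_AT = 80   # confirmed-bad reputation: escalate without waiting
AUTO_CLOSE_BELOW = 10   # every indicator clean and known: close automatically

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


@dataclass
class Enrichment:
    sender_domain: str
    urls: list
    domain_scores: dict = field(default_factory=dict)   # domain -> score or None


def extract_indicators(raw_message: str) -> Enrichment:
    """Automated step 1: parse the message and pull out sender domain and URLs."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    addr = parseaddr(msg.get("From", ""))[1]
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    return Enrichment(sender_domain=sender_domain, urls=URL_RE.findall(text))


def enrich(enr: Enrichment, reputation=TI_REPUTATION) -> Enrichment:
    """Automated step 2: look up every domain seen against the reputation source."""
    domains = {enr.sender_domain}
    for url in enr.urls:
        host = urlsplit(url).hostname
        if host:
            domains.add(host.lower())
    for domain in sorted(d for d in domains if d):
        enr.domain_scores[domain] = reputation.get(domain)   # None = unknown
    return enr


def triage(enr: Enrichment) -> str:
    """Automated step 3: decide whether the playbook can act alone.
    Returns 'escalate', 'close', or 'analyst_review'."""
    scores = [s for s in enr.domain_scores.values() if s is not None]
    unknown = any(s is None for s in enr.domain_scores.values())
    if scores and max(scores) >= AUTO_ESCALATE_AT:
        return "escalate"
    if scores and not unknown and max(scores) < AUTO_CLOSE_BELOW:
        return "close"
    return "analyst_review"   # ambiguous: this is where the human is inserted


def run_playbook(raw_message: str, analyst_decision=None, reputation=TI_REPUTATION) -> dict:
    """Full flow: extract -> enrich -> triage -> analyst close/escalate only if needed."""
    enr = enrich(extract_indicators(raw_message), reputation)
    verdict = triage(enr)
    if verdict == "analyst_review":
        if analyst_decision not in ("close", "escalate"):
            # Park the case with its enrichment attached and wait for the analyst.
            return {"status": "pending_analyst", "enrichment": enr.domain_scores}
        verdict = analyst_decision
    return {"status": verdict, "enrichment": enr.domain_scores}


if __name__ == "__main__":
    print(run_playbook(SAMPLE_EMAIL))
```

The point of the split is that `extract_indicators`, `enrich` and `triage` are the repetitive part and run the same way every time, while the `analyst_decision` parameter is the single place a person enters the workflow; as confidence in the feed grows, the two thresholds can be moved so that fewer cases reach the analyst.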

Over time, as you start small and progress step by step to more complex automation, you will learn to automate the whole process. The benefit of this approach is that it frees your analysts, who are always in high demand, for more complex issues.

As a beginner, it's always good to learn the common incidents. Try to master the top five incident types, get familiar with the vendors involved, and analyze them. Find out whether they require information to be gathered from, and actions to be taken on, threat-intelligence feeds, firewalls, email servers, network devices, and centralized credential stores. The more complex use cases will touch more systems as well as more teams, which brings us to the next step.