The cyber security field is broad and what you should start learning will depend on your end goal. Do you want to be a Security Engineer, Digital forensics investigator, Pen Tester, GRC analyst, IAM engineer or something else? Depending on what you decide see if there is a certification for it and in the beginning stick to the big guys such as Comptia, Microsoft, ISC2, GIAC (crazy expensive, your company would pay for these),ect. I am glad I was a System and Storage engineer before moving to a Security engineer, because it allowed me to get an understanding of Active Directory, Group Policy, Linux, patching OS/applications, how to work with vendors, documentation, etc.
Know the fundamentals like the OSI model, how AD/Azure/O365 work ect. Learn the current tools your company is using or going to use. Such as learning Splunk vs learning Sentinel, both good things to know but if your company is moving away from Splunk your time might be better utilized learning Sentinel. If you are still interested in Splunk, you could spin up a test for your homelab.
I take certification exams because that way it makes me learn the material even if it is boring and I know if I don’t take the exam I will never learn the material. Learn something that sparks joy in you. If it is a slog to learn you probably wont enjoy working on it.