Security Analytics: How to rank use cases based on the "Quick Wins" approach?

Alex Teixeira
8 min readApr 18, 2017

When planning a Security Monitoring project, whether the deliverable is a rule that triggers alerts or an interactive dashboard to support hunters, once you have gathered an initial set of feasible ideas, where do you start?

A Quick Win is commonly understood as the result of combining "High Value" with "Low Effort". In practice, here's how I see this approach in the context of an organization investing in a new project:

The "Quick Wins" approach is a reliable way of reassuring management, including those who invested in technology and people, and it paves the way for longer-term goals and more ambitious deliverables.

So if you ever thought of this as a purely technical move, reconsider.

Successfully carrying out this approach translates into several concrete contributions made early in a project, right after its inception, increasing the visibility of the Security Analytics practice across the organization.

Without getting into the obvious question "How to measure success?" (the answer varies vastly, depending for instance on how an organization deals with Risk: appetite, management), let's assume the "Quick Wins" approach is the one that gives you the best chances of success.


Written by Alex Teixeira

I design and build detection and SIEM/EDR/XDR content for Enterprise #SecOps teams #DetectionEngineering http://opstune.com
