Alex Teixeira
Nov 24, 2023

Well, I have many articles on that. Besides Offensive Security knowledge, I believe the first thing to consider is the level of "fluency" in a data query language most don't have.

This is a requirement before you consider anything. Just like saying it's hard to build a good OS for programmers with median devel skills, good detection is not going to be a reality for most until they master the possibilities.

Written by Alex Teixeira

I design and build detection and SIEM/EDR/XDR content for Enterprise #SecOps teams #DetectionEngineering http://opstune.com
