Great question indeed. The biggest "tool" I can think of is the attitude of never stop learning. Always ask the question how and/or why something works the way it does. Be curious.
I am pretty new in starting out my career in cyber security and am working on certificates but found that to truly be a subject matter expert (SME) you have to be adaptable and willing to change how you view something.
I agree with austin15 - a willingness and drive to learn are the most important part of being in cybersecurity due to the fast pace at which things change. My approach to certifications right now is to get one from each of the major groups - (ISC)2, ISACA, EC-Council, SANS, etc. I do this so I can be in different groups of people with different focuses, which helps me learn more or look at things a different way. While there are some “biggies” in the cert world (like the CISSP) it’s more important to go for ones that interest you and help you have a niche, rather than just going for ones that you “should have.”