Keeping the system up-to-date (that also means upgrading macOS to a newer major version, at the latest when security updates are no longer released) and enabling and using the security features macOS provides gets you 99% there. For the rest, a little common sense is all you need, e.g. don’t ignore warnings without good reason, pay attention to where you obtain your software from, protect your data via backups.
I have not found any benefit in additional security tools except for Little Snitch (I use it for privacy, not security), given that I am selective about the tools I install, careful about where I install them from, generally against opening/allowing software that is not code-signed and notarised unless I know the specific reason for it (e.g. open-source software that is not signed for cost reasons or old software that was never signed, but still works) and overall just careful which sites I am visiting. In my experience, most adware/malware comes from shady tools or shady sources (torrents or websites that provided cracked versions), which can be avoided altogether.