since you said it was for a hobby, the most important thing is to have fun. Frankly, any kind of security comes down to these principals;
-Foundational knowledge - learn how a given system works. This could apply to computers, or lockpicking, or literally any kind of system for securing something.
-The attacker - Learn how these systems are broken. An attack has to know how a system works to understand how to manipulate that system in such a way to gain an unintended benefit.
- Stop the attack - now that you know how the system works and how it's abused, figure out how to change how the system works so that it will be safe against the attack.
In computer or IS security, often times the heavy work is done by software maintainers. A bug is found, they patch it. You just got to apply the patch. Sometimes the software is working as intended, but that still isn't enough to keep the asset safe.
For example:
When chrome asks if you want to save your login info and you say yes, that gets stored in a SQLite database file on your machine. That file is encrypted. However the key to decrypt it is stored in plaintext in a neighboring file. This is the primary premise behind infostealer malware. Additionally, even if that key were more secure, you could just dump chrome's memory to get the decrypted keys. Same goes for password managers (if they're unlocked).
There are so many rabbit holes to go down. Don't try to learn everything because you can't. Pick what you like and just get really good at that. I started with process analysis and memory forensics. I started by using cheatengine on single player games. Eventually I branched out into software development, reverse engineering, etc. Other skills like networking became absolutely necessary, just be aware that that's a whole other rabbit hole to run down.
https://pauljerimy.com/security-certification-roadmap/The above link is to a chart of cyber security certifications. it is broken up by what pillars of security they address. Many of these certs are ~$10k, but this chart might point you in the direction of what interests you vs what is out there. You can also always just look for "free <cert name> training"
Many have suggested capture the flags. Great for getting your toes wet. If you want to get into networking, Cisco Packet Tracer is a great tool. There are plenty of networking youtubers with CCNA course for you to follow like Network Chuck. To "protect yourself online" you should learn up on osint collection tools like Maltego, SpiderFoot, Recon-ng, Sherlock, theHarvester, etc. Learn how to use these collection tools and start a campaign investigating yourself. See what information is out there about yourself. You might find more than you expected and you can start cleaning up your digital footprint and learn more about digital anonymity.
