Showing only topics with the tag "security.cyber".
    1. So I fell for a phishing

      In a moment of distraction, I fell for a phishing phone call and compromised my Google account. It took me 13 minutes to realize how catastrophically stupid I am and begin frantically changing passwords. I've run the official Google "secure your account" process probably 10 times (though 9 of those times there was nothing to do). I've checked all my financial info, changed passwords on all sorts of things. As far as I can tell, other than gaining access to my Gmail, I don't think anything else was compromised.

      How boned am I? I've got 2FA on basically anything remotely important, and I've had decent password hygiene (although I do use the Google password manager, so that's probably compromised). Is there something else I should do or be on the lookout for?

      52 votes
    2. I need a sanity check from security experts (opening ports on the router)

      First, let me just say that I'm tech savvy, but I'm self-taught for the most part. I never studied cybersecurity or network security. I know the basics, but not the nitty-gritty.

      I used to host my own Anytype Server (note taking app) on my raspberry pi. To do this, the documentation says that I need to open two ports, one TCP and another UDP. So that's what I did, and had it set up this way for a while now.

      Yesterday though, my raspberry's microSD died. So while I wait for the new one to arrive, I'm taking the chance to review my home network settings.

      I closed off a third port that I had for my Synology server (for the OpenVPN). I am now using WireGuard (with Tailscale), which doesn't require opening ports. And since my raspberry is offline, I also turned off the other two ports (as of now, I have none opened).

      So here's the thing: I remember from my searching that a lot of people are strongly averse to opening ports. Iirc, the basic idea is that if a bad actor knows my home IP and which ports are open, they can enter. So, in theory, a hacker could potentially infiltrate my raspberry pi - and from there potentially wreak havoc in my other devices.

      So my questions are:
      1- Is it really like that? Could a hacker gain unlimited access to my raspberry via an opened port?
      2- If yes, is there something that I can do to strengthen my raspberry pi security?
      3- Am I being overly paranoid by worrying about this, even if it’s theoretically possible?

      12 votes
    3. Working on a ~2008 dream gaming computer running Vista (in an old server)

      Any clever ways to connect to the Internet safely to update drivers, security, etc? I'd only want to connect to Intel, AMD, Microsoft, etc, and then would physically disconnect the LAN card. I know, dangerous, but I'm trying a piecemeal approach with a flash drive and getting mixed results. I tried to update to Service Pack 2, and it bricked the computer on restart, back to flashing Vista.

      15 votes
    4. Is a career change towards cybersecurity viable for someone with an accountancy background?

      Sorry if this isn't the best place to ask. IT and cybersecurity-focused communities over on Reddit aren't exactly the most welcoming places for such questions, and reading the r/ITCareerQuestions wiki has made me seriously question if I'm being sold false promises of working in a sector that actually has a low demand for workers. Then again, that wiki page seems more geared towards the US job market.

      Two weeks ago, I responded to an Instagram ad advertising cybersecurity courses, because the job market is horrible here in the UK right now, and after some setbacks with my ACCA studies, I am seriously considering just giving up on trying to get into chartered accountancy because that path is closing many more doors for me. A course advisor rang me asking about the reasons I showed interest in the ad, then we had a long discussion about any questions I had, what the sector is apparently like, etc.

      Some of the claims seem too good to be true, i.e. that it's an industry where you can afford to be picky, jobs outnumber people by almost 3 to 1, most jobs are remote, the provider boasts a 90%+ employment rate, I don't need programming experience, the most complex thing I'd be doing is running command prompt/powershell commands and scripts.

      The firm itself seems legitimate. They offer CompTIA, Microsoft, Cisco, AWS and EC-Council certifications, have good review scores on Trustpilot, are a registered training provider and limited company in the UK, and are supposedly an assured service provider with the National Cyber Security Centre (NCSC). The courses they mentioned to me in their syllabus supposedly come to £4k and would take about six months.

      1. Am I right to be wary about what this training provider are offering?
      2. Do you require extensive programming knowledge or a computer science background to work in cybersecurity in any capacity? A friend with an IT background has told me that Python is useful in his field.
      3. Is the reality of IT and cybersecurity jobs in the UK (or in the West) far different from what has been painted to me?

      24 votes