I’ve worked in security for decades and nobody has ever asked me about certifications. I know a guy with CISSP and he said it has been useful sometimes, but basically I wouldn’t worry too much. Getting more involved with the security stuff where you work will give real experience which is likely more valuable.
I used proxmox and have played a little with nix and guix, but simplest is just use debian, put /home on a separate logical partition from the system partition so you can reinstall the system without clobbering user files, and as people keep saying, backup early and often.