So I am landing in this field as a sort of devOps or sysadmin guy but completely new to security…
are there any recommended courses as basic as those ‘port 3389’ issues? thanks 
I also know about HIPAA. Is a deidentified database food enough to cover my butt in case of an unfortunate breach? Thanks.