I will post a few things to read here. Btw I run the subreddit https://reddit.com/r/linux_mentor so feel free to post this on there.

I come from a background of penetration testing both web applications and infrastructure. Believe it or not but the easiest way to hack a company is to go for the Linux servers. Patching practices on Windows seem to be far better compared to the practices of Linux admins in the corporate world. Hacking a windows server is often far harder than getting in on an old unpatched Linux.

Some basic tips for your normal Linux sysadmin:

1. Read reddit.com/r/netsec regularly so that you know what is going on in the infosec world.
2. Lock down your servers using ssh key authentication with MFA. You can use google's authenticator for that. See this tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04
3. Try hack your own stuff.
4. Vulnerability scanners are your friend.
5. Read writeups by hackers here are some:
   https://yoirtuts.com/index.php?title=Finfischer_Hack
   https://yoirtuts.com/index.php?title=Hacking_TEAM_Hack

Good luck! Feel free to check the rest of my wiki:
https://yoirtuts.com/index.php?title=Pentesting