___Tom___

___Tom___ t1_iv02yu9 wrote

Not OP, but my company is looking, so: The right mindset. Skills can be acquired. But dealing with an intelligent, intentionally acting adversary is fundamentally different from dealing with technical failures, environment events or simple system behaviour. This is also where, in the training scenarios I sometimes run, most companies fail. They can handle a fire, a DDoS attack, a malware outbreak - but they can't handle a hacker who will pivot and react to whatever you're doing. Having a basic grasp of what it means to be under attack is essential.

1

___Tom___ t1_iv02neg wrote

Second that. Some of the world-class people I'm lucky to know in the field have no formal qualifications. However, many of them are (like myself) dinosaurs from a time when there was no "IT Security" study. You'd study something with IT and then pivot into security. These days, qualifications are getting more important, but everywhere I've worked within the past 10 years people were still open for lateral entrants.

1

___Tom___ t1_iv0285a wrote

Not OP, but IMHO the single best thing you can do is to not re-use passwords. Use a different password for every website you have an account on, because password leaks are common and your username is often your e-mail these days, and hackers will take a leaked password database and try those e-mail/password combinations on other sites, especially social media, Gmail, and others that offer SSO ("log in with Facebook/Gmail/GitHub/etc.").

2