To be honest with you - hestiaCP out the box very secure, fast, and good.
If you have no sysadmin knowledge, why need to install something else if you do not understand for what do you need that and why?
Well, I wanted to know if everything will be safe in my new hestia panel with the basic installation or if on the contrary, it is recommended to install something else.
First thing i have done is setup block list in the firewall page, also blocked regions i dont need (basically everything outside the EU) as i host from home and just a couple of personal sites.
I white list my local ip ( my pc and laptop) i use to access the panel and website admin pages etc in the fail2ban configuration.
I tend to look for regular ip addresses that are blocked and block them in the firewall.
Disable the admin account or disable admin access or what ever the option is and use a user to host sites and email for a domain.
Use f2a on hestia accounts.
Thats all i can think of, its pretty secure but there will aleays be attempts on your system as soon as you open ports.
I bought a router with 2way ips (intrusion prevention system) such as asus AIprotect, that stops access from known malicious sources and stops me from accessing know malicious websites etc.
The 2wayips system uses trendmicro on asus routers.
I run hestia on a vm that i backup regular so if the worst happens i just restore and change all passwords.