Greetings! I'm a help desk employee who is wanting to get into infosec and one idea suggested to me was to setup a home lab to practice. Right now I'm thinking of ways to justify investing in a used Workstation I can use to create a virtual home lab that can be used to get my feet wet in all sorts infosec tools and systems and gain more experience that way (I would normally just buy physical equipment, but I'm not made of money, especially with the way things are right now); But due to my lack of experience I'm having a hard time thinking of projects that are worth investing in for the Workstation.
The idea so far would be to create multiple VMs and network them together from within the the Workstation so I would have a network to exploit. The question now would be what exactly should be perusing with this setup? What kind of projects are out there that I can use to cut my teeth with and where would I find them? I could practice with Kali, look into some monitoring tools, tinker with VMware somehow (Again no money for large investments). I'm looking at this from a Blue Team perspective but I wouldn't mind looking at Pentesting either since I'm sure they intermingle a lot.
What would be everyone's recommendation for learning more hands-on infosec? Is there a good central hub to get project ideas from, or should I abandon all of this and look into more online resources (TryHackMe, HTB, etc)?