In terms of security, IMO just using Linux, having a regular firewall setup and using common sense online and not clicking on anything overtly sketchy probably puts you ahead of 90% of people on the internet lol. I'm also quite partial to running OpenSnitch just to make sure nothing's connecting to the internet without my say-so.
For privacy, I think it depends on your threat model, but for the average person I'd say a VPN of some sort and mainly just being cautious about how much personal info you post on social media will cover a big chunk of it. Maybe a more privacy-conscious email provider like Proton or Tuta over something like Gmail would help too, but none of that is strictly a Linux thing.
Kind of boring answers, sorry! But IMO the boring fundamentals do tend to cover the majority of stuff. Also there are places like privacyguides.org if you want to rabbit-hole it, but be warned that you might end up becoming one of those people who only goes on onion sites and pays for everything with Monero lol.
Also no idea about customizing Cinnamon, apologies.