ASM, Python, php. Again, why do you need this specialty? If you want to work in the field of information security under the law on information protection, then the road is closed to you. There are bigwigs like Positive technologies, Eurobridge-protection, etc. who have giant clients and large amounts of transactions. Try to fit in with them. If you want a small business, providing small companies with services such as protection-control of the enterprise network from the removal of information / competitive intelligence, then I can advise the DEFT Linux distribution kit for investigating incidents + the book "Forensics" + the books "The Art of Deception" and "The Art of Intrusion" by the author William Simon and Kevin Mitnick. Whitehat course "Certified Ethical Hacker" in Russian. According to greyhat and blackhat - Kali linux. The pentestit.ru resource is also useful. Understand that a successful information security specialist must perfectly understand the tactics of hackers: how they think, for what purpose they do it. If you decide to master this task, be sure to keep detailed records or a blog. Since there is not enough information in this topic in Russian, you can still earn money on articles or video tutorials on this matter. Good luck

Russian English.

If in the Russian Federation - then none, except for the Russian bureaucratic. The main task of an information security specialist is to spawn 100,500 meaningless pieces of paper in order to fight off a possible check and kick admins to bring the IT infrastructure to formal compliance with idiotic regulations. Nobody cares about real security.