@wizzy
Perfect is the enemy of good. Don't get stuck down in doing everything the "right" way at the moment; this will just lead to burnout and failed projects. Iterate through your process and slowly nip away at the problem; you will find that you are excited to fix and refactor the application, which will keep your interest up. When you hit a problem, stop and think about it, google it and fix it. You will learn a lot by just getting your hands dirty continuously. If you are struggling to find programs to write, this is tough. Try some programming challenges that are gamified and you earn points for completing the task and also for the process it takes to complete. Examples: https://coderbyte.com/challenges https://www.hackerrank.com/challenges/py-hello-world/problem
And didn't see Rey's response. Anything I use to connect to the Kali box that isn't part of an "attack tool" I will bind to a host-only interface. This includes SSH, which I enable because I don't like working in the Kali GUI. This stops anyone being able to attack these interfaces, particularly important if you use a pre-installed image where SSH keys etc. are default (you could regenerate them?). With Metasploit you set the LHOST, with Responder you set the interface. Most tools will allow you to choose the interface to bind to. SSH etc. can be configured in the settings.
Almost, I have 1 adapter connected in bridged mode but am very selective about what services I bind to it. This is so I can perform attacks like LLMNR poisoning or collect reverse_shells. This prevents them from attacking anything I am using to control the Kali box (like SSH). You could selectively forward ports from the host and run the VM in host-only or NAT, but this just adds to complexity with little gain.
I'll take the question from a penetration testing angle. The biggest downside of running NAT (in its standard configuration) is that you cannot get connections back from other systems and are on a different network (broadcast traffic). In my normal workflow this would stop me using reverse shells or launching spoofing attacks (think smbrelay/responder). Kali, like most pen testing distros, is not built with security in mind. I would often set up a host-only network with SSH enabled and use that to connect to the Kali box to perform any testing that required Kali, minimizing the likelihood of attacks against my box and allowing me to use rubbish passwords. My normal configuration was 1 host-only network and 1 bridged network, just be sure to bind your services to the right ones.
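
A check for the "bind your services to the right ones" advice above, as an added example that is not part of the original posts: it reads `ss -H -tln` output and flags control services (SSH here) that are reachable from the bridged adapter. The two adapter addresses, the management port list and the sample output are constructed assumptions.

```python
# Constructed addresses (assumptions): the VM's host-only and bridged IPs.
HOST_ONLY = "192.168.56.10"
BRIDGED = "192.168.1.50"
# Ports used to control the box; these should only be reachable host-only.
MGMT_PORTS = {22}
# Bind addresses that mean "every interface", including the bridged one.
WILDCARDS = {"0.0.0.0", "::", "*"}

# Constructed sample of `ss -H -tln` output (State Recv-Q Send-Q Local Peer).
SAMPLE_SS = """\
LISTEN 0 128 192.168.56.10:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 50 192.168.1.50:4444 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 127.0.0.1:5900 0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Split on the last colon so IPv6 literals like [::]:22 parse correctly.
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr.strip("[]"), int(port)))
    return listeners

def audit(ss_output, mgmt_ports=MGMT_PORTS):
    """Classify every listener that the bridged network can reach."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if addr not in WILDCARDS and addr != BRIDGED:
            continue  # host-only or loopback: not reachable from bridged side
        if port in mgmt_ports:
            findings.append(("MGMT_EXPOSED", addr, port))   # fix the bind address
        elif addr in WILDCARDS:
            findings.append(("WILDCARD_BIND", addr, port))  # bound everywhere
        else:
            findings.append(("BRIDGED_OK", addr, port))     # deliberate listener
    return findings

if __name__ == "__main__":
    for verdict, addr, port in audit(SAMPLE_SS):
        print(f"{verdict:14} {addr}:{port}")
```

For SSH, the fix for a `MGMT_EXPOSED` finding is a `ListenAddress` line in `sshd_config` set to the host-only address, which also removes the IPv6 wildcard listener.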