Security and privacy hardening for a Fedora Workstation

Hi everyone,
today I am wondering what the community thinks about hardening the Fedora Workstation in terms of security and privacy through the use of threat models (from one to three or a Defcon version if you prefer that one more). First of all , I will start by providing some resources that might be interesting for certain readers and then I will progress with my concerns and dilemmas/questions. There are the resources :123456
Now for the questions: I have both tried Lynis and SCAP Workbench and I can say their warnings/suggestions aren’t that helpful. Lynis does not offer much help in terms of support when it comes to solving a issue. While SCAP Workbench does have the description of the issue and is able to generate scripts to remedy certain warnings, it still is quite broad and a certain number of warnings are applicable to servers only. Is there a better way of finding vulnerabilities in a Fedora Workstation ? Any ideas on how to harden the Workstation in terms of security and privacy to threat models, such as zone 1 , zone 2 , zone 3 ? Every suggestion is much appreciated.