A large majority of the site is hosted [and my host assures me they can handle it]. Its the typical cpanel utility and apache so my big concern there is security. I need to know if there are any common holes/mistakes I need to be on the lookout for?
If this is shared hosting, then your hoster is (or should be held) responsable for OS level maintenance and security.
If you can't stop unnecessary services, ask them, if they didn't update packages, ask them, if they put up a firewall, ask them what services it allows. Next what's your Cpanel site built on? Is it static content or an Apache/MySQL/PHP? Anything else? Forum? Custom built PHP?
And a small but cruicle part is run from my home server. Apaches setup and running but I am still very uncompfortable with apache. I could really use some advice with the home side [I'm not asking for someone to hold my hand, I just need direction]. I know nothing about managing traffic load or security settings
Is the server behind a Cable/xDSL modem/router? In a DMZ? All packages updated? Firewall running? No unnecessary services exposed? What's your home site built on? Apache/MySQL/PHP? Anything else?
Please check out the
LQ FAQ: Security references.
Also if you're expecting a lot of or huge amount data transfers hosting stuff at home will be a liability for your site and make it unavailable if your server can't cope with the load or b0rks down. Better spread risks and take that to another hoster, but that's just IMHO.