Many security hardening guides you can find even inside the vSphere documentary, However you can consider the following titles:
1. Separate ESXi management networking (VMkernel port groups) and VM networking
2. Configure timeout settings for SSH / Shell / DCUI available and idle ...
3. Configure Lockdown mode (situation is highly-dependent on rate of your vCenter server availability)
4. Configure Syslog and SNMP settings to monitor the vSphere infrastructure situation
5. Configure ESXi built-in firewall to limit accepted IP addresses for the specific services like syslog
6. Install all security updates (patch / hotfix) released by the VMware.
