Here are five things that have impacted me in my career, and helped me to grow both as a security person and a human being.
- Get a solid understanding of systems and networks. Systems and networks are the foundation for everything we do in security. If you want to be better at security, you must have a foundation in TCP/IP. Both on the theoretical side, and in the application side. The easiest way to get this experience is to become a systems administrator. The lessons I learned as a sysadmin allow me to speak about things in security, such as DNS, that if I hadn't ever wrestled with, I would only be talking theory. Since I've had my hands on a DNS server and configured zones, I truly understand the security challenges of DNS.
- If you don't have Virtual Box installed on your laptop, do it now. Virtual Machines are your friend. With virtualization, you can configure different machines (Windows, Linux, etc.) and connect them together. You can practice with the best security distributions (Kali, Web Security Dojo, etc.) without getting arrested! Learn to use Virtual Box and build VM's to test things and learn how they work. Have a system administrator mindset.
- Read like crazy. In the security business, things are always changing. Whether it's new technologies (threat intelligence is the hot thing now) or new techniques, this is not a stagnant industry. To get ahead in any industry, you must continue to grow and learn. Become an avid reader, and learn from the books you read. Even though college is over, take notes about the things that catch you in the book, and act upon them. Do not think you must limit yourself to non-fiction. Sprinkle fiction in as well to expand your mind.
- Take advantage of the training resources available on the Internet. There are so many free security courses and training opportunities, from Universities (Stanford and MIT), Security Tube, where all the local conferences are archived, and Udemy. Take advantage of the content that is out there and learn from it. Pick a specific topic and focus on it for a month. If you know nothing about Javascript, then learn it. You do not need the proficiency of someone who builds websites daily, but knowledge can be applied when the situation arises.
- Network, and not in a cheesy walk around and hand out business cards way. Make friends in the security industry. Do this on twitter. Do not use Twitter as a news feed. Respond to security people and get into the conversations. The worst thing that happens is that they ignore you. Go to conferences, and don't just stand in the back of the room like you are at a middle school dance. Introduce yourself to people, talk before the sessions start, make yourself a part of the community. You'll benefit greatly from the relationships you establish with real security people.
This was originally answered on Quora.