Okay guys. Let's not offend the newbie.
OK. Look, the layout is simple. There are three branches of information security: two as applied and one as theoretical:
Let's start with applied ones. Here in information security it is "divided" into two parts: in fact, security and its testing.
First, it's more of a system administration and best practice, when everything is planned for you, just follow the instructions. In my opinion - the most useless occupation, because no creativity is required. Of course, you can do turnkey integrated security, but this is only interesting because there are too many nuances. Well, yes, it is worth monitoring the news for leaks ala heartbleed.
The second is much more interesting - the uncles made cool protection, all sorts of dynamic bytecodes and evolutionary systems (genetics and all things), there is much more creativity here, because you usually test a system made according to best practice, and the task is to break it, not say " everything is fine". After all, if it is broken, it means one less vulnerability, and if not, then the wave function will not collapse. But on top of everything else, reverse engineering is required here, so disassembler and compiler-linker-linker tweaks are guaranteed, as well as a much more detailed understanding of how the computer works. However, nevertheless, there is something like good practice here: there are a lot of quite working techniques and it is hardly possible to come up with something new. And finding something worthwhile is usually just luck, not something outstanding.
OK. There is also a theoretical one. This is an in reseach area full of swearing and incomprehensible things, yes. There is a fairly new theory here that is still walking the line. The most promising direction - discrete and number theory turned out to be extremely unprepared for the transition to the digital era. It was lucky at least that the Euler function did not let us down, but in any case, there is definitely something to do here: quite recently, the French have simplified the complexity of decoding general linear codes quite well, and here I’m telling you first-hand that the first subexponential algorithm may have appeared (and this is on , for a minute, McEliece), which, by the way, is already on the heels of P ?= NP. However, cryptology is really boring. Incredibly boring. In practice, there is nothing to do, the throne will be divided between two or three teams, and what about the rest? So there will be no destiny, checking and rechecking the results of colleagues. Well, cryptography itself with cryptanalysis is also the same confrontation with the same practice. Of course, there are many more opportunities to discover something completely new. A month ago, they discussed the abc hypothesis and what is possible if it is true. Of course, they didn’t come to anything, but it was very interesting. But one thing is clear - it is a theory in Africa, but in practice it is used incredibly little. Unless the same sub-exponential algorithm, if it justifies expectations, is quite usable for error-correcting coding due to the much greater efficiency of the "random" linear code. Although, there are actually a lot of interesting things there, I recommend at least looking in the direction not so much of hard information security, but in information theory in general. What about cryptography?.. Come on, cryptography. Is it just the fact

security.stackexchange.com/questions/15233/how-do-...

How can you want to dedicate your life to something if you don't even know what it is?

start searching for information and chatting with the forum securitylab.ru
google provides tons of information on IS issues IS
is interesting and promising, don't let yourself be demoralized :)

Of course, I, too, recently in this area and started without having the slightest idea at all, Bruce Schneier's book "Secrets and Lies. Data Security in the Digital World" helped me get up to speed. Maybe it will clarify something for you.

Every week the same stupid question.