How to go to security?

Hello.
The situation is this. In the summer he graduated from the specialty "Organization of technology and information protection" (Petersburg).
From the end of the fourth year he got a job as a software engineer, worked with cryptography. I quit in February for a number of reasons, and I just didn’t like programming. He defended his diploma, went on vacation with his family and started looking for a job.
Considering that they don’t want to take on a job without experience in the field of information security (and who will entrust a yesterday’s student with all the security of the company’s IT infrastructure?), I found a job as a specialist in the IT department.
Conventionally, information security can be divided into 3 categories (as I see it): pieces of paper, programming and administration. Administration lay closest to the soul (as a student, it was simply problematic to find a part-time job with a hell of a schedule).
As a matter of fact, a question to respected experts. How do you grow into a security guard? What can you advise to study (the current work allows you to spend several hours a day on self-education)?
I know information security laws, FSTEC regulations, principles of operation of cryptoalgorithms, several programming languages ​​at the middle level, Windows at the administrator level, skills in using Kali Linux, Wireshark, OllyDbg). Theoretical knowledge is in order (red diploma, I just studied, and it was interesting to do it), but the skills are not enough. I am very interested in the field of cryptography/steganography. And most importantly, everyone is interested in the experience, documented. After working for a month, I realized that most of what I know is either of little help in solving the issue (practice is needed) or, in principle, is useless.
I try to look at vacancies related to information security, but, basically, everything is in general terms, for example:
"Ensuring comprehensive information protection in a corporation. Documenting existing business
processes, monitoring, coordinating, risk analysis and searching for vulnerabilities in information systems
secrets
Work on the security of personal data
Regulation of access rights in information systems Management of access rights in various information systems
Writing normative documentation, regulation of business processes
Counteracting the leakage of the source code of information systems Building a system for protecting databases, contacts, information systems, sites
Organization and conduct of internal investigations of information security incidents.
Development of procedures and instructions on information security issues.
Ensuring the development and implementation of identification, authentication and audit mechanisms in existing information systems
Implementation of organizational and technical measures to ensure the security of business processes
Analysis of logs in the DLP system (information leakage protection system)
Participation in projects of the information security department
Risk analysis and security of corporate infrastructure
Development of recommendations to prevent damage and reduce possible financial risks and losses
Carrying out activities aimed at compliance with internal corporate procedures and rules
Consulting and training employees on information security issues "
And it is not clear how to go from administration to information security. Of course, I have antiviruses, there is a backup, a lock system (unfortunately, video surveillance and access control at the security, and the automatic telephone exchange at the engineers), but it seems to me that this is a little different.
They offered to go for an interview at the FSTEC, but wait 4 months for a security check and work for 15 thousand a month - excuse me. I still get no much more (23 on hand), but at least I work, and not just sit.
The dream is to get the position of Security Administrator or Security Officer. What needs to be done so that after working for a year in administration, I do not stay at the start in IS?