You can start by watching the same videos from Yandex KIT (Information Technology Courses):
Security of Unix-like OS
Cryptography, encryption
Overview lecture on security
Network security
Information security
Information systems security Information security Information systems
security From the books you can read Andrey Biryukov: Information security: protection ... On the same Habré, you can scroll through the information security section to understand that you can choose InfoSecurity From the general, I think, it will already be possible to understand what applied things to do.

I'm not strong in this topic. But I think that a person who positions himself as a security guard should first of all be able to program well. Those. to do what led to the creation of programs, networks, auth. systems, etc.. This will help to get an idea of ​​the possible dangers that may arise in other people's programs, in systems that should be secured. Those. you need to be aware of where the potentially vulnerable spot is, and in order to be aware of this, you need to "boil" in the boiler of program development, network settings, database design, etc. And of course, as I think, be able to analyze people and their actions. Because basically laziness, greed, stupidity and carelessness leads to the fact that programs are written with errors, and the architecture is crooked. For example, I found out that the company has a weak admin - dig in the direction of a network attack, weak programmers - look at the versions of the libraries used in the program, not very educated staff - deal with the issue of social. engineering.

Watch the movie "matrix", it shows nmap. If you yourself cannot understand which direction you are interested in, if you are not able to search for information in this direction, watch a movie better.

Start with courses here atraining.ru a
lot of free and if you like it, then listen to the paid ones, they cost a penny there

Much depends on what goals / objectives are in the foreground, but the study of literature is also an integral part of the practice.
A selection of links:
The best books about security with RSA 2014 - Kaspers...
Books and resources on information security - Toster
Books on information security. - Habrahabr
---
Books on information security, cryptography, hacking, ...
bezopasnik.org/article/book/index.htm
proklondike.com/books/security.html

Information security is a very big concept... This includes knowledge of networks, cryptography, programming, web application analysis, reverse engineering, virology and much more...
Decide what is interesting and useful for you at the moment. Then you will finish learning and relearning constantly ... :)

If necessary, you can pump paper security even more in order to know the boundaries of the vast legislation of the Russian Federation.
But it's boring.
Go to conferences (PHD with ZeroNights is normal), crash Wi-Fi, ping servers, leak databases, steal passwords with MITM in Macdac, and after that you can go crazy and choose a direction.

You need to know what to read and where to practice.
What to read:
https://webware.biz/
https://kali.tools/
https://hackware.ru/
zalinux.ru
https://defcon.ru/
Where to practice:
https://habrahabr.ru/company /pentestit/blog/261569/
https://xakep.ru/2010/06/03/52289/