Probably and options for action from the "other side"? :)
2. Preliminary preparation. How do they do it?
3. Public and private information. Collection of information
4. Wired and wireless networks. Possibilities of modern tools
5. IT-Security of operating systems
6. Social engineering
7. Vulnerabilities and their exploitation
8. Cryptography
9. Botnets
10.​ Reverse engineering (reverse engineering)
11. Specialist's toolkit
12. Security issues associated with the use of web resources
13. Action scenarios for network penetration
14. Actions after penetration
15. Post-Attack or Penetration Analysis
16. Protection and prevention

• Intrusion Diagnostic Systems (IDS)
  
• firewall
  
• Sandbox
  
• Centralized logging
  
• Balance of safety and convenience
  
• Staff training
  
• Creation of corporate security policies and their implementation
  
• Creation of the information security department
  

I have never been an information security specialist, but IMHO you can focus on one of three:
1. System administration with an emphasis on security. From this I am generally far away, so I can not say anything.
2. Search for vulnerabilities in software. Learn C / C ++ to understand what holes can be left when writing software, and then the assembly language for reverse engineering programs. Well, there, I don’t know, look on the Internet for the source codes of viruses, sort it out.
3. Search for vulnerabilities in web services. Learn some server-side language (PHP, Python, Ruby, etc.) + JavaScript + SQL + basic HTML. Google XSS, SQL injection, DDoS. If this option is interesting, I can throw a couple of links on the basics.

Try in the third and subsequent year to deal with specialized subjects and ask teachers questions on incomprehensible aspects.
They teach - at school, and at the institute - they study!

- Know all popular languages ​​(and most of the unpopular ones too)
- Know all types of databases (regular Mysql/MSSQL/Postgres + all sorts of document-oriented ones)
- Know how protocols work, how and why they work
- Know *nix/win, how they work and what where it lies
- Know popular vulnerabilities and how to find them
- Know popular hacking software and be able to use it
- Be able to think outside the box. Be able to lose the ball in a closed room.
Here's a short list of typical early 00s kiddies skills. An information security "specialist" should know/be able to do all this, plus a bunch of other ways to protect yourself from it.

You, as a novice specialist, should already know what is in trend and what is not.
Google is full of wonders

Look for the book "Public Key Infrastructures" (O.Yu. Polyanskaya, M. INTUIT, 2007)
Or take the free course of the same name www.intuit.ru/studies/courses/110/110/info

We are looking for a well-known whitehat (preferably a few)
We rush to his feet
We kiss Tearfully
we beg to take ourselves as students
or go to the underground and independently and painfully study everything that comes to hand

You have already met core subjects, there will be more of them in the next course. If among them there are those that are of interest to you, then focus on them, search the Internet for more detailed information. Within the framework of what they read at the university, they will give only the names and the direction where it is worth looking. There are a lot of these areas, and information security is a very broad concept. It is necessary to choose nevertheless a narrow specialization in which it is interesting to grow.
As for literature, you can talk with a teacher who reads a subject of interest, I'm sure that he has, and he can tell you.
He singled out two areas for himself: cryptology and the construction of complex information security systems (CSIS). Although in the future I do not plan to connect my life with this :)
PS completed the 3rd course "Security of information and communication systems"

I will add that it would not be superfluous to study the normative, 152nd, STO BR IBBS, ISO, etc. I know "specialists" who leave only on this. And it would be nice to choose the desired direction (no one knows where exactly you have to work, but still) and follow it, you won’t learn everything.

Continue learning through the program. Learn additional network technologies, operating systems, search equipment.
In practice (for a student, an integrator company is a good solution) study security systems: NAC, DLP, SIEM, various information security tools.
From the literature, you can start with Vito Amato - Fundamentals of Cisco Networking.

Daniil Kolesnichenko 's advice is the most efficient. I would just combine the last 2 points into 1 (essentially both about the emphasis on software development security and vulnerability auditing) and add a new third one - information security management. It is not as interesting as "catching hackers" - believe me, building a competent information security process and writing all the necessary documents for it is often much more difficult than setting up IPS / finding XSS.
as a result, 3 directions are obtained:
technical protection, development security and vulnerability audit, information security management.
Choose, further develop in one of the directions.

Linux (old school after all)