Take this with a grain of salt, as I also find myself in pursuit...but what I’ve found so far is a lot of the knowledge that’s taught accessibly is how to scan for and assess common vulnerabilities and exploits. Mostly trying to find out what kind of software the hardware is running, and finding an unpatched vulnerability for that version. As I’ve been told a million times, “95% of all malicious acts were done simply because people didn’t or couldn’t update their software in time.” However I can say without a doubt the most advantageous positions I find myself in, are when I’m able to apply some specific set of knowledge with a couple others, and figure out how to chain together various aspects of the software creation process in order to produce a bug in my favor. But in terms of actually breaking into the info sec field, a good place to start is ctf challenges, and while 99% of the time this will consist of just executing some else’s code to exploit a vulnerability patched long ago, it will show you the common types of attacks and defenses, and introduce you to functionalities that you might otherwise not come into contact with as a programmer.