Not sure if this directly answers your question, sortajust went on a tangent. I've have a year of work experience in the field.
Stay up to date in Information Security Current Events. Hak5Threatwire is a great show for that as you may already know. (sic, aesthetics)
Check other sources such as SANS, read InfoSec blogs, perhaps even consider getting involved in writing one of your own!
Research exploits from different services, applications, operating systems, etc... that are written in various languages (python, shell, php) or that are used in environments such as HTML
login screens / web hosted SQL databases / Cross-Site Scripting ... Understand what makes these services vulnerable, and how the exploit works. Many times, you will have to modify an
exploit code for it to properly execute. This could be simple as changing the listening port or it could be more complicated such as generating a payload and inserting it into the PoC code.
GET HANDS ON! Find hack challenges online.. there are plenty of ones provided, check out the OWASP community, they have some great web app based challenges.
Get your hands on a vm from VulnHub or such, set it up, run it-- and see how much you can hack, for lack of a much better description that you indubitably can fill in.
If you cannot complete the challenge, or simply have problems getting started, there are often tutorials submitted by various users on how they worked through it...
Research Security Standards such as ISO27000, and try to understand Security as a big picture and not just the cool 'sexy' ub3r 1337 red team pentesting techniques.
Think about how companies choose convenience over security. It is difficult to convince a CEO, often these days, to invest in security (ROI in Security is immeasurable)
Understand the concepts of social engineering, and that the prime source of security errors is usually due to human error. People can be manipulated to lax security.
What would I assume security experts to know?
To patch their systems. To lock their screens when they walk away ^_^
Command Line / Terminal -- With excellent proficiency in at least one
Familiarization with programming languages -- With excellent proficiency in at least one
Networking Advanced Concept Understanding, Strong knowledge of Basic Networking
Information Security Current Events ... Also, Attending Events Regularly (Conferences)
Exploits & How they work and how to run the exploits manually, not just Metasploiting
Hope this was concise and complete enough to provide you with sufficient guidance.
Looking forward to what others have to offer on this subject-- always willing to learn!
h4ck th3 pl4n3t