You may be already aware of how broad Information Security is and there are many avenues to explore. I had narrowed down what I wanted to focus on and it boiled down to a combination of things I was already familiar with from working in regular IT, and some things I had not done before.
While some of my interests lean toward the day job of protecting an organization one way or another, there are plenty of ways to use these skills and have some fun in a constructive manner and without breaking the law. One thing that wasn’t mentioned that often in my earlier years of learning about the security/hacking culture was how to build those skills without causing real world damage.
I often ran into a couple of questions regarding how I would sharpen my skills which were partially answered by setting up a home lab; however, its not like any or everyone plans to build a large lab in their home. I wasn’t necessarily working toward just applying these skills to the day job as I tend to enjoy doing Capture the Flag events once in awhile and sometimes I want to practice on something I’m even less familiar with.