Get as much experience as you can.
Read or otherwise “obtain” books on security- Web Application Hackers Handbook, McNab’s “Know Your Network”, Hacking Exposed books, etc. Alot of the No Starchpress security books are amazing imo and they usually end up going on sale on Humble Bundle.
Test your skills on vulnerable machines. There are literally hundreds of vulnerable machines out there you can mess around with, everything from commercial solutions like Hack The Box, AttackDefence, PentesterLab, etc to Vulnhub OS’s and Vulnerable By Design application (OWASP juiceBox, WebGoat, DVWA, DIVA (apk), ■■■■ Vulnerable iOS app (ios), Google Gruyere…)… the list of areas for you to hone your skills are enormous.
If you have the money to and you are close to locations where security conferences are run, they’re a great place to network or find prospective companies willing to take on “noobies” and train them up. Plus you can usually find people there willing to share knowledge.
And don’t forget to appreciate how much you do know and give yourself credit. Impostor syndrome in this industry is crazy.
~4 years experience in the industry and still learning 