Make sure you understand C/C++, then assembly, then reverse engineering for starters. For bug finding, find out about all the bugs that are being discussed and what they look like so you know what to look for. Then start fuzzing and trying to triage all the crashes. For writing exploits, find some good exploits and see how they work. Then start trying to write some for known vulnerabilities or ones you’ve found. If you’ve got the cash, take Dino and Alex’s training course. My main advice is to get your hands dirty and just jump in and do it.