First I'll give you the more obvious answer. You should start with a survey of computing languages and then operating systems. Without knowledge of a lot of operating systems, I would have been severely hampered in attacking a lot of security problems. Sometimes the bad guys will use lesser-known technologies to circumvent security measures. Since lots of people are familiar with a smaller number of popular technologies, these hacks are solved more quickly. But now, I'd say a very practical approach is to read books on hacking and computer security. The reason for the first step -- learn programming and systems and computer architectures -- is obvious. A second step of simply looking for a class in computer security or reading texts on computer security is to understand existing countermeasures. The downside to this is that many hacks are perpetrated by folks who have studied these same books and outwit the countermeasures. The next step is to read books about hacking. Beginning Computer Hacking by Alan T. Norman is a good start. Then there are other books that go deeper.
Now I'll give you some advice that will be a little less predictable than, say, a book of computer protocols. It may be less often that you'll need this information, but if confronted by such a problem, you'll be congratulated. Read a book on psychology. Get a taste for the motivation of your hacker. Most fall into two categories. First is for gain or control. Second is just for fun. I was once tasked with finding out why a system was going down for two minutes at seemingly random intervals. That was pretty straightforward because I did the standard thing of looking through system logs, nailing the failing module, and looking through actual code for vulnerabilities. But another time I was tasked with finding out why a telecommunications system was falling down every now and then. In that case, there were tons of control interfaces to look at. I decided that the outages didn't seem to gain anyone anything. So I thought of where control interfaces would be exposed to, say, college kids, who would be more prone to do something just to see if they could. Psychology. And looking through some hacking magazines of the time, I stumbled on an exploit that was nothing more than initiating a database update that could be corrupted. If you are confronted with a system that is behaving badly -- outages, slow-downs, etc. -- it may simply be a bug. But if it's someone messing with the system, it might be nice to understand what attracted a hacker to that particular attack.
Cybersecurity is like engineering maintenance. The vast preponderance of work is done to design a system that does what's required. Cybersecurity, like engineering maintenance, is done to address every other possibility in the universe, so it pays to understand the motivation of the perpetrator to at least pare that set of possibilities down a bit.