I am currently doing my M. Sc. Applied IT Security. Before deciding to study it, I used OWASP to get an idea of the practical side and how to apply what and which kind of things to keep in mind. However, now that I started my studies, I can promise you that it's lots of Math and you should not attempt to self-learn it.
You can learn many things by yourself, for example programming. When you make mistakes, things will break and you will know that you did a mistake, because something will stop working. If you, however, do a mistake in IT security and things break, you might not find out that something went wrong (for example: web servers tend to work even though they use outdated ciphers). However, the bad guys will find that attack vector, and they will use it for bad things. They will not tell you about the security problem.
So, if you want to learn about rudimentary security, go for OWASP projects and the OWASP wiki, they are very good! However, for important things, always get a specialist. In case you want to learn the in-depth knowledge and become a specialist yourself, STUDY IT at a University.
If you want to have a peek at stuff you will learn, go and buy this book. Read it and do the exercises. If you are still interested, remember that the Math part will become more difficult and that you will have to keep all those algorithms in mind and also be able to think about ways to attack the ciphers (both, practical and mathematical) ;)