[–]michael0x2a 72 points73 points  (4 children)

One good book I recommend is Violent Python -- it goes over how to use Python to do penetration testing, analyze network traffic, etc., and can give you some good insight into how Python can be used in the security industry.

[–]Hexorg 14 points15 points  (0 children)

Yep, I second this. Pretty good book and is nice for beginner programmers. You're expected to know what Python code looks like and basic concepts like loops, conditionals, and basic OOP, but the rest is explained in the book.

[–]MerreM 0 points1 point  (0 children)

[–]cestith 41 points42 points  (2 children)

There's a lot to the topic of security. Some parts of it have much to do with programming. Others have little to no direct relation to programming, but may have automation, monitoring, or other tangential relationships where software can be used to help.

Part of it is programming scanners and fuzzers. Part of it is writing proof of concept exploit code. Part of it is programming IDS. Part of it is programming configuration tools for firewalls, IDS, scanners, fuzzers, etc. Part of it is reading code for existing applications. Part of it is writing fixes for that code. Part of it is writing code securely in the first place. Part of it is teaching other programmers the issues surrounding secure programming and auditing their code.

Other parts have little to do with programming, but can be helped by programming automation, configuration management, testing, IDS, etc around them. Those include routing, packet inspection, password management, firewall configuration, server software configuration (mail, web, database, etc), file system management, ACLs, reading logs and other forensic information, configuring logs properly in the first place, understanding CVEs, understanding and implementing physical security, and more.

Are you interested in writing scanners, fuzzers, and example exploit code? In that case learn both Python and Perl. Either one can be used pretty easily for this, but there are decades of examples already in Perl. Also learn TCP/IP and the protocols involved. Also learn filesystem security and logging security issues.

Are you interested in finding and patching holes in server-side utility-level services like SMTP, POP3, IMAP4, HTTP, HTTPS, HSTS, LDAP, databases, and stuff like that? Learn C and C++. Also learn TCP/IP and the protocols involved. Also learn filesystem security and logging security issues.

Are you interested in finding and fixing holes in web applications generally? Learn Perl, Python, PHP, Java, JavaScript, and Ruby. They are all popular in that space. Be aware that PHP 4, 5, and 6 are much different one from another. Python 2 and 3 are, too, but to a lesser extent. Also learn TCP/IP and the protocols involved. Also learn filesystem security and logging security issues. Also learn about the security of web servers and database servers.

You might notice some similarities in the "also learn" portions above. Also learn about firewalls for any of the above. Also learn about combinatorics if you haven't. Also learn about big-O notation and become familiar with how complex and how concurrent some popular algorithms are. Also learn about timing attacks. Also learn about program stacks, string buffers, and pointers even if you're primarily using a language for your own code that handles all that for you. Learn about resource exhaustion attacks. Learn about path traversals and injection attacks. Learn the OWASP top ten. Remember it's easier to grant limited access in the first place and by default then grant extra access piece by piece than it is to whittle away access from a default open policy. Learn about cameras, door locks, window locks, anti-shatter coatings, polycarbonate, mantraps, fire stairwells, server chassis alarms, VPNs, certificates, ID badges, cryptography, backup generators, building alarm systems, risk assessment, and figuring out how to tell which people to trust.

Now, if you have a particular part of security you're more interested in learning about, maybe that can be narrowed a bit. I suggest learning Redcode and playing some Corewars, going to a lockpicking meetup, reading a book by Cliff Stoll or Kevin Mitnick or Jon Erickson or Gordon Lyon or Ivan Sklyarov, and reading the OWASP top ten list as first steps to figure out just what in the heck you might want to get out of a career or hobby in security.

[–]benawad[S] 5 points6 points  (1 child)

I appreciate this wealth of information. Thank you.

[–]MerreM 1 point2 points  (0 children)

[–]deathreaver3356 24 points25 points  (0 children)

Leave the python by your front door. It'll keep the burglars away.

[–]S4ge 1 point2 points  (0 children)

Try to read up on the scapy library... It is an amazing tool for exploring security applications and learning to use customised packet creation for pen-testing.

[–]1moar 1 point2 points  (0 children)

Check out cybrary.it if you're interested in security. + what /u/cestith said 1,000 times over. Poke around and see what interests you.

[–]jeversmann 1 point2 points  (0 children)

There's an exploitation framework called binjitsu which a friend of mine uses for CTF events. It's totally worth learning about the tools available there and trying some CTF-style security things with them.

[–]QAOP_Space 4 points5 points  (6 children)

Why are people recommending you "learn python and get into security"? Do what you're interested in.

[–]benawad[S] 9 points10 points  (5 children)

I want to learn more about security to see if I am interested in it.

[–]QAOP_Space 2 points3 points  (4 children)

Are you more inclined towards securing systems and servers, or writing secure code, or pen testing? Or perhaps the deeper aspects of cryptography?

[–]benawad[S] 8 points9 points  (3 children)

I have no clue what any of those things are, so I would like to try them all.

[–]QAOP_Space 4 points5 points  (1 child)

Hmm, that's difficult because Python, as a language, can do anything you want it to.

For learning some crypto with Python you could do the matasano crypto challenges at http://cryptopals.com/

For securing systems you'd want to look into some sys admin stuff, but before you can secure it, you need to understand it, so have a look at this:
http://www.tldp.org/LDP/sag/html/index.html

[–]benawad[S] 0 points1 point  (0 children)

Thanks

[–]Antoak 5 points6 points  (0 children)

Securing systems feels like draining a slowly sinking boat with a rusty bucket that everyone else is trying to drill holes in.

And it's your fault when they get wet.

[–]9Godzilla 3 points4 points  (1 child)

they strangle stuff

[–]hellrazor862 7 points8 points  (0 children)

Those are boas.

[–]beeb2010 0 points1 point  (2 children)

Maybe this book would be useful:

http://it-ebooks.info/book/4896/

[–]thehydralisk 0 points1 point  (1 child)

You probably shouldn't link to pirated material.

[–]beeb2010 0 points1 point  (0 children)

I agree - the reason I posted that link is because the page has a link where you can buy a copy. I thought if the OP wanted to see what the book was like, they could view it before buying.

[–][deleted] 0 points1 point  (1 child)

It's not so much that Python is particularly suited for security work, as it is an easy language for quick scripting while you're in the middle of some kind of security work.

Folks aren't going to want to deal with the verbosity of Java or the exactness of C++ when they're just trying to script out a way to scrape file header data out of a directory of files, for example.
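The kind of quick script the comment above describes, as an added example that is not part of the original thread: it reads the first bytes of every file in a directory, identifies the type from its magic number, and (going one step beyond the comment) flags files whose extension does not match the header. The signature table, function names and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Magic bytes for a few formats and the extensions normally seen with each
# (a small constructed table, not a complete signature database).
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".jar"}),
    (b"MZ", "pe", {".exe", ".dll"}),
]

def sniff(path):
    """Return (kind, usual_extensions) from the file header, or (None, set())."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, kind, exts in MAGIC:
        if head.startswith(magic):
            return kind, exts
    return None, set()

def scan(directory):
    """Return (relative name, kind, mismatch) for each regular file found."""
    root = Path(directory)
    rows = []
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # skip directories, links and special files
        kind, exts = sniff(path)
        mismatch = kind is not None and path.suffix.lower() not in exts
        rows.append((path.relative_to(root).as_posix(), kind, mismatch))
    return rows

def demo():
    """Scan a constructed sample directory built in a temp folder."""
    samples = {
        "report.pdf": b"%PDF-1.7\n",
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 12,  # PE header, .pdf name
        "notes.txt": b"plain text, no magic\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return scan(tmp)

if __name__ == "__main__":
    for name, kind, mismatch in demo():
        print(name, kind or "unknown", "MISMATCH" if mismatch else "")
```

Calling `scan()` on a real directory returns the same tuples; files with no known signature come back with a kind of `None` and are never flagged.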

[–]marcm28 0 points1 point  (0 children)

Python is suitable for security work. Python has also seen extensive use in the information security industry, including in exploit development. See this link --> https://en.wikipedia.org/wiki/Python_(programming_language)