Like a security program itself, learning about information security is always a process—never a finished state. Although we have learned the basics of networking; how to become a power user of Nmap (and the other tools in the Nmap suite); how to conduct a vulnerability scan; and, now, how to conduct a penetration test—there are millions of other topics available to pursue.

While there's no set curriculum to become a security professional or to continue one's education in the field, there are many more books on the subject—and many different topics to cover. I strongly recommend you to look into The Web Application Hacker's Handbook, if web application assessments is interesting to you. There are also countless books on Metasploit, ...