Many companies like to see that security is a passion. Blogging will not only help them see this, but it may also be a great place to practice doing research projects and writing about them. This can do nothing but help you with your masters thesis.

As for experience, go get it. Blogging will show interest and passion, but will not be viewed as experience. Volunteer your time with either Univ IT, an internship, Hackers for Charity... anything that you can throw on a resume as real experience regardless of whether you got paid to do it. With 2+ years to go before you hit the workforce, the time is now. Imagine someone looking at the resumes of 2 candidates with the same education and you trump them with 2 years of individual research projects, blogging, philanthropy and experience. I think you can see where I'm going.

Hope this helps,
Don

I can only echo Don's comments, but also I use my blog to keep my mind on track and to help me focus, otherwise i'm like "oh nmap upgrade gotta give that a look" and "wow i didn't know hping could do that, let me try", then "metasploit can do that too. let me see".  And all this happens in the space of a few minutes so the result is nothing gets really looked at in any level of detail. 

And the problem?  Well the truth is that all these tools, techniques and websites are all so cool and interesting and it's hard to keep focused.  So i use my blog to do just that.  I pick something that interests me and try to come up with enough material in my spare time for a post each week.

hope that help.  Sorry for rambling.

Syn