Many companies like to see that security is a passion. Blogging will not only help them see this, but it may also be a great place to practice doing research projects and writing about them. This can do nothing but help you with your masters thesis.
As for experience, go get it. Blogging will show interest and passion, but will not be viewed as experience. Volunteer your time with either Univ IT, an internship, Hackers for Charity... anything that you can throw on a resume as real experience regardless of whether you got paid to do it. With 2+ years to go before you hit the workforce, the time is now. Imagine someone looking at the resumes of 2 candidates with the same education and you trump them with 2 years of individual research projects, blogging, philanthropy and experience. I think you can see where I'm going.
Hope this helps,
CISSP, MCSE, CSTA, Security+ SME