Cybersecurity Master's vs. OSCP

Hey, I'm currently deciding between two options and would like some advice. A little background about me first. Like many, I'm trying to break into the Information Security field. I have a degree in Information Systems and I work in technology as a Business Analyst (not security related at all). I also recently completed the CSX Cybersecurity Fundamentals Cert from ISACA to learn about some of the basics and get my feet wet.
I would like to move onto the next step, especially considering I'm going to have some down time these next few months. I have been eyeing the WGU Cybersecurity and Information Assurance Master's program. I know Master's degrees in Cybersecurity have a mixed/negative reputation, but what I like about this program is they offer two certs as classes (CEH and CHFI) and also my company will provide tuition reimbursement cutting the costs significantly.
My other option is going for the OSCP. I know this is a rigorous test, especially for newcomers, but I'm willing to put forward the commitment. From what I've been reading, completing this cert should qualify someone for a Junior PenTest role. A con for me is my company wouldn't provide any reimbursement and I would have to pay completely out of pocket.
Which of these two options do you think would be beneficial for me? Open to hearing other suggestions as well!
Comments
Cybersecurity in itself is a very wide domain, so please define what area is interesting you the more. I am guessing that your experience as a business analyst would lead you more to translate technical requirement to business requirement and vice versa, than a more technical only one (like pentester).
/|\
/ \
You choose whether you want to get certs along with the extra student loan debt.
or
Trust your BA and get those certs without the extra debt. Granted you may still have your BA debt to deal with already.
Good luck, either scenario is a blessing to have.
2023 Cert Goals: SC-100, eCPTX
You should be aiming to get your CompTIA Security+ certification. After you successfully pass that, run through some labs then place the labwork in your resume as experience. From listing he OSCP I assume you have chosen Penetration Testing as your area of focus in cybersecurity. You can then begin intermediate certifications such as CEH or Pentest+ which focus you more into that path. After either of those come the OSCP. That would be your natural path in my opinion.
However, I will add, if you go to a traditional university for grad school (MS and/or PhD), if you can do research, you will essentially on a full ride. So no debt if you plan on writing a Masters thesis or dissertation. The only drawback for this approach is the stipend is low. But, tradeoffs, right?
Yes, I realize you are already in industry, and your options are limited, but you may be able to conduct research on a part-time basis in exchange for a lower cost MS/PhD. All universities really care about is publications because it will bring them more funding. Look at publishing as your ticket to advanced degrees at a lower cost if you can't go full time. It's possible, but will take a bit of time.
VV5 out.
J.D. Candidate (2L)
In the books: CompTIA Network+, Security+, CEH, Associate of (ISC)^2, GIAC: GSEC, GAWN, GCIH, GPEN, GCFA
ProBoard: FF I & II; HAZMAT: Awareness, Operations, and Technician; Fire Instructor I; NREMT: EMT-B. Next up: Fire Officer I
Currently Working on: PE-Electrical and Electronics, Patent and State Bars, and Juris Doctor (law degree)
Next: GCIA/GCWN and/or GCUX/PMP/GSE
Next after next: Med school!!!!! Lol
That said, I agree with egrizzly that if you don't have Security+ then you should probably hit that first.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?