So, here's a question. I'm already working in Information Security. Started out as an Auditor (compliance scans, analysis, etc). Now I'm an IA Task Lead, and I'm responsible for the Certification and Accreditation of a Systems Integration Lab Facility (asset management, configuration management, network security, system security, the whole 9 yards).
Am I qualified? I think so: I have a Bachelor of Science in Telecommunications Systems Management with a Concentration in Information Security. I have the following certs: CCNA, Security+, OSCP (awesome!), CEH, and ATSP (the Adtran CCNA equivalent). I'm about to do Linux+, CCNA Security, and CISSP.
Here's my first question: I want to start a Master's program, and I've looked at several. I like working in IA, but I don't want to trap myself in it either because I also enjoy systems analysis and design, and I'd like to move into management after a few years. So, do I do an MS in IA, an MS in Information Systems and concentrate in IA, or do I just leave the technical to certs, and get my MBA to help me get into management?
And my last question: As far as HR/Hiring Managers go, what is more important for mid- to upper-level positions? The Certs that show I know about the field and experience, or a Graduate degree specific to the field? (i.e. would it hurt me to get an MBA if I was staying in IA for a while ?)
And last, as an FYI, I'm also involved in Pen-Testing, and would like to continue to be. So, I don't want to sabotage that either.... so many variables