Degrees and certs are both used as screening tools.  If you don't have what they're asking for, your resume may get tossed.  In general, I think degrees are more valuable, but there are cases where a cert will win out; for instance, a CCIE is probably more valuable to a network engineer than a degree.  The ideal move, however, is to get a degree and some certs.

In your case, you already have a B.S. in engineering.  This should be enough to get you past a resume screen.  Lots of people work in IT/security with degrees in unrelated or semi-related fields.  Most employers are using degrees as a marker of intelligence/work ethic without worrying about the particulars of what you learned in the degree.  A CS/IT degree with a focus in security would add a little, but you're not losing out by having what you have.

I'd recommend getting some certs now and worrying about the M.S. later.  The CCNA is very useful and will show that you have a good foundation in networking.  The CEH is an HR favorite but my impression is that most actual penetration testers don't think very highly of it; it's often required or preferred for pen testing positions, but you'll probably learn more doing something hands-on like the OSCP or eCPPT.  The various SANS certifications are pretty well regarded, but they're expensive.

Once you have more experience in pen testing and a few certs under your belt, a master's degree will make more sense.  Master's degrees are often preferred for senior technical or management positions.  Having a master's degree for an entry level role probably won't help a lot and may hurt you.  Some employers will assume that you're just using them to get your feet wet and will move on within a year or two--employers like to expect loyalty, but most won't show you any in return.  

Are you going to do your master's online or would you go back to school full-time?  If you're going to go to school full-time, it may be less disruptive to just get the master's now and ignore my previous advice.  If you do, be ready to convince your future employers that you're willing to put in some time and not jump ship right away.  You may find an employer who is happy to see that you have a master's (Google prefers them) in which case you just win outright and don't have to explain anything.

Good luck.

Thanks for your feedback so far, anyone else is certainly welcome.

I'm starting to rethink and seriously lean towards certificates. To answer a point raised I'm doing currently enrolled in the masters online, but I've just got access to the course material. It all seems extremely basic, and I'm confident I could pass each subject with my self taught knowledge right now. I admit this is only the first 4 of 16 subjects, but I'm realising how largely theoretical the degree will be.

I'm fortunate enough that I'm pretty happy in my current field, so these qualifications (whatever type) is 90% because I enjoy learning, 10% because if I feel like it I can change professions slightly easier in the future. I think looking at it now perhaps the practical knowledge will be more useful, and enjoyable, for me at the moment.

Cost wise certificates to a point make sense. The masters will set me back $25600, which is an expensive learning experience. Admittedly it's nice I can defer paying it (hecs-help in Australia), but ill have to fork out eventually. Certificates are not cheap either, but it's all relative.

Sorry I know some of the above didn't have a direct question, I'm more thinking out loud and asking for a double check on my thought process The biggest unknown I had was how limiting will and engineering degree be in applying for jobs as oppose to a specific IT degree. It seems the answer is a little but not as significant as I expected.

TL;DR most likely use the degree as a foot in the door showing work ethic and problem solving, then use certificates to demonstrate technical ability in the relevant areas as ill probably enjoy the technical learning a little more, end up with less debt and be reasonably valuable regardless.

Thanks!!

It's a killer period

As also mentioned above, I think you're in a pretty good place in terms of formal education since you already have a BS degree. I think engineering also demonstrates that you have aptitude for the technical concepts you'll need to master in this field.

That said, I don't think "Certificates vs. Degree" is the right mindset. They are complimentary, and you should strive to make each area as strong as you feasibly can.

Your master's is only going to increase in cost, and will also likely become more difficult to complete due to life responsibilities, the longer you wait. Since you've already started the program, I'd keep up that momentum and see it through.

If the material is as easy as you say, throw a cert or two into the mix to keep things interesting and strengthen that portion of your CV. Also, while obviously not as good as actually having the degree, showing that you have a masters in-progress is beneficial.


MaXe also told me I should learn how to ride a bicycle before attempting a backflip on a dirt bike. His advice is solid