Hey Chris, congratulations on finishing your degree. That's a huge accomplishment. I'll hopefully also be able to call myself a college graduate soon.
I've therefore been weighing this exact decision as well. I'm personally leaning towards an MBA program, even though the subject matter isn't particularly interesting to me. I think that will have the most ROI and open the most doors in the future. I don't particularly want to go into management, but that could certainly change after another decade of high-travel and backwards schedules. While you certainly don't need such a degree to start your own business, having that knowledge will significantly increase the likelihood of success there if I ever decide to branch off in that direction. Even if I stay on the offensive side, I regularly interact with executive management, and the clients I work with have become increasingly important over time. Having a better understanding of the business side of things will also allow my to add more value in my current role.
I personally just can't justify an InfoSec degree. It'd be a different story if I was in my early-mid 20s and trying to break into the field, but I don't believe such a degree will make me any more marketable than I am with my current credentials and experience. There's plenty I don't know, but I can self-study and research those topics on my own. I don't need to pay thousands and sit through lectures for it. I've also found a lot of college infosec material to be very academic and not necessarily applicable to the real-world.
If I wanted to get down-and-dirty for a graduate degree, I'd go with mathematics or computer science. Perhaps something similar to that big data analysis program you mentioned. I don't want an infosec MBA or computer science with an infosec focus, or anything like that. I can apply security concepts to whatever I learn on my own. I'm the most interested in learning something I'm not familiar with, which I think will provide the most personal growth.
That said, if you plan on acquiring a high number of SANS/GIAC certifications, and eventually the GSE, getting a masters at the same time wouldn't be a bad idea. The core courses and certifications are the majority of the work and expense. The papers and misc projects aren't too much more beyond that. I thought I was going to be able to start the program with the majority of it completed, but they wouldn't accept my certifications because I challenged them instead of taking the courses. I would literally have had to start back at GSEC and go through everything again. There's no way I'm willing to put the time and expense into going through all that material, which I've already demonstrated I know and understand. Even if things had worked out with this, I probably would have still pursued a non-infosec masters.
Just my two cents. Good luck, and keep us posted with what you decide.
The day you stop learning is the day you start becoming obsolete.