This is my first post after I have been lurking and reading this forum for a number of years.
I was hoping to get some input from you folk or guidance or just your opinion on my dilemma.
I have been working in IT for over 12 years now, approx 6 in Infosec (defensive). I am 31 years old and feel as though I have reached xroads. My current role involves operational, project and integration technical work in defensive security across various vendor products. I hold various technical vendor certifications but lack any formal education ie. bachelors, masters ect. I do however have the extra experience in years from not attending Uni which does count.
Now I have three challenges and will try my best to describe and outline them as best possible in number format. All three borders very closely to one another and making a concrete decision on one will simplify the others.
1. Now at the point where I feel I need to either, focus and specialise more in tech infosec ie. offensive security or bridge the gap between tech and business and transition into a Sec Solutions Architect type role. I know these are very different paths, I do have very keen interest in offensive security which drives that thought however when I think 5-10 years ahead and take my age into consideration I contemplate the SecSA path.
2. Education or rather 'resume marketing'. Like I mentioned I do not have any formal education and it feels like a monkey on my back. But on the flip side perhaps not that important as I already have a career foundation and experience. Do I persue a bachelors followed by masters in infosec or rather focus on getting say for example cissp followed by oscp and the likes. This also depends on which direction I decide to take in (1).
3. I am currently performing contract work for company x with good working environment and wage, there will be a push in the future to convert to perm which means lower wage. Also career progression at x is somewhat limited but it does have ++++. Currently in talks with company y, still tech position, perm with good wage, challenging environment both technically and politically, will be out of comfort zone compared to x. Now add a cat to the pigeon cage and say company z might be offering a SecSA position, also good wage but different path when comparing tech, defensive and offensive and business ect.
What can you folk recommend or suggest. Any insights into offensive role and your possible opportunities in later years vs SecSA. Also what about performing SecSA as profession but still doing research and offensive work in your spare time. Some many thoughts and so little time to make decisions.
Would appreciate any feedback.