Hi everyone, so I have about a year of actual cyber security experience at a very large company (Dell) as a firewall engineer. I pretty much only deal with proxies and a bunch of firewalls from different vendors. I love my job, but it's not what I really want to do. I ultimately would love to be a pentester, or maybe something to do with forensics. Anyways, as for IT experience, I have plenty of that, along with CCNA, Sec+, Net+, A+, and some Palo Alto certs. The only thing holding me back from cyber security certs is the cost, which I think Dell will pay for within reason.
As I said, I'd like to be a pentester in the future and have been looking at doing the GIAC GPEN cert. I hear OSCP is the "ultimate" pentest cert and has a crazy 24-hour hands-on test. I don't want to get myself into something way over my head, and OSCP seems to be a very advanced course – correct me if I'm wrong – so I have been looking at the GPEN cert. That seems like a pretty solid, middle-of-the-road cert that is also respectable in the industry. I've looked at CEH as well, but I keep hearing that is a joke and isn't very respected… Like I said, Dell MIGHT pay for the GPEN, but given the ridiculous price tag of 7k for the course and 800 for the test, it wouldn't surprise me if they won't. In which case, I might just do CEH. Also, I believe OSCP is significantly cheaper.
SO. What are y'all's thoughts/recommendations in regards to certs leading to a pentesting career?
Edit: I will do both OSCP and GPEN, but I need a good place to start that is at a reasonable difficulty. Also, I have very limited programming experience and the very basics of Linux.