OSCP, red teaming, possibly CISM or CISSP for upward mobility.

I would not waste time and money on certifications.

As someone not in the field, but curious of getting in, could you explain why not?

There is a bias against certifications by some (but by no means all) professionals in InfoSec, since it is a heavily "hands-on" field. There is more emphasis on demonstrating actual ability through CTFs, bug bounties, published exploits, etc.

However, unlike Certified Ethical Hacker, CISSP, and other "mile wide, but inch deep" certs, the OSCP is a heavily hands-on certification that tests actual ability. No knowledgeable employer would discriminate against you for earning it.

And CISSP or CISSM are valuable if you're applying for a management job. For government defense-sector jobs, they are often required.

This is why companies need services like TexPlained.

http://hardwear.io/olivier-thomas.php

This is great. Beginners can also join 33k users world-wide on https://www.hacking-lab.com/ for free :)