I have both Sec+ and CISSP. I would say skip the Sec+ and go for CISSP. CISSP has everything Sec+ has and more. CISSP is a beast in its own right, you have to learn the rules in ISC2’s reality. Think like a high level boss in terms of how to defend everything, including stupid employees who write their password on a notepad and leave it on the subway. Even if you stay as a pen tester for life, CISSP helps you see the big picture so you never have to ask why am I doing this, or who does this affect?