This is a very interesting question and you have to know your goal. The blue side and the red side are very different and we have hands-on certs and paper certs.
Paper certs like Sec+ are good for HR, but hands on certs like BTV1 (Blue Team) are good for real knowledge. IT-ProTV has some hidden courses about cybersecurity and you learn a lot about nmap, metasploit and so on. If you google you find courses like CEH, but this cert is waste of money, unless you want to work for the US government. Do not trust google, use e.g. LinkedIn to see the real job requirements (ignore ridiculous things like CISSP for entry level positions). Certification companies spend a ton of money in ads but it does not mean it reflects the reality. CySA+ is a good HR cert for blue jobs, but it is a paper cert. You answer questions and a company does not need someone who is good in answering questions... hands-on is way more important.
Many people take things like INEs free starter pass https://checkout.ine.com/starter-pass This pass includes a ton of material (1500 slides) and in the future unlimited lab access to get hands-on. This knowledge is good to have for blue and the red side. The red side has certs like OSCP (Offensive Security) and eCPPT (eLearnSecurity). A learning path for both certs could be:
The red side is very time consuming and you have to learn a lot. Expect 500 to 750 hours learning time to knock out OSCP or eCPPT. If you have such a cert, you know the basics... no AD, no cloud, no additional things.
The blue side has more jobs and it is somewhat easier to learn. Some ideas:
If you have questions fee free to reach me via LinkedIn www.linkedin.com/in/stefan-wa
because today is my last day here.
Last tip: Start with the free material, you can learn so much for 0 cent.