With regards to the pen testing aspect, if you’re thinking of getting in with a consultancy firm and running the tests against customer infrastructure then quite a lot of it likely relies on pre-built kit. Stuff like Kali, as well as the myriad frameworks for prodding various things, would be good to look into alongside the Python.
Important note: It should be obvious, but don’t point any security tools - however innocuous or “harmless” you think they are - at other people’s gear without prior, well documented, permission. (@brandonkr I assume you know this, so it’s more for anyone else who might read this down the line. )
Python on its own probably wouldn’t set you up to go properly bug hunting, though, if you were thinking of going fishing for zero-days.
Either of the Python courses - Python 3 is a Pro only course, I think - or the Comp Sci Path would probably be good for that. I haven’t done any of the Paths, but the standalone language courses cover the basics to a good extent. I’d couple it with stuff like CodeWars, getting familiar with the Python Docs, and books.
CISSP is a well regarded cert, for sure. You should keep in mind, though, that the passing the CISSP exam is only part of the journey.
CISSP requires you to have 5 years or more of paid work experience across at least 2 of the 8 knowledge areas. (A relevant 4-year degree course, or certain other professional certifications in relevant areas, can be counted as one year of experience.)
Even then, you don’t get the full CISSP until your work experience has been checked and verified by someone else who’s already accredited by (ISC)2… so it’s not an easy cert to get, but I think that’s part of why the CISSP (as well as the other (ISC)2 certs) are well regarded!