Being a manager of an InfoSec team I agree with this, especially the CISSP and CEH.
I've seen a few folks get a CEH and then they're off to App testing land, but the funning thing is, none of them has ever written an app, some not even a script, and they are now doing security testing on mobile apps. Basically they just push a button on an app scanner and pull a report, it's sad.
The folks that do succeed in security are the ones with curiosity, experience and drive to learn.
As some one who is looking to get into security, I have that drive of why. At work I hate when the senior engineers close something without explaining it.
I like to know how something broke and why it broke. I understand programming and can read about any normal language to a basic degree and lightly troubleshoot.
Your absolutely right, about those kinds of people too. Some get the certification and stop there. Others get it and use it as a foundation and build on it.
I've seen a few folks get a CEH and then they're off to App testing land, but the funning thing is, none of them has ever written an app, some not even a script, and they are now doing security testing on mobile apps. Basically they just push a button on an app scanner and pull a report, it's sad.
The folks that do succeed in security are the ones with curiosity, experience and drive to learn.