Using a certification as your sole means of judging someone is a poor way of assessing candidates. I think most good HR people know that now. There were way to many people who had MCSE's that couldn't do the job. I have done quit a bit of interviewing, from the hiring side, and I was constantly amazed at the people we would see applying for a high level admin job. If you notice, people that are hiring now do not push so hard for MCSE's anymore. I think more than anything, the people who like it are sales people for VAR type businesses. They basically get to say, look at the certs that our consultants have, blah blah blah... Getting certified can be a very very good thing. But if you think you know something just because you have a cert, with 0 experience. You should think again. That's not directed at anybody in particular, just that if you are new to the IT game, and you think a cert will be the answer to everything, you are mistaken.

Also. From what research I have done into CISSP, it is mostly about definitions and technology, with a lot of encryption. It doesn't get into the nitty gritty of vulnerability testing, or the how-to when configuring routers or firewalls. It is just more of know that a firewall does this function. An IDS does this function.

I strongly believe that the most useful and most accurate certification available know is the Cisco CIE.