I wish I could disagree. I've put more time and money into popular certifications that are garbage when it comes to real-world applicability than I would like to admit...

From the article:

This is also true!

I am working very, very hard not to be the next security guy who knows more than everybody else at work, but still knows a lot less than the expert working across the street. What I mean is it isn't difficult to look like you "know it all" in front of people who has never work in IT security. It is a different thing to be considered an expert among your peers...

On the other hand, if we look at ourselves, we all know we lack experience in this and that domaine. The fact that there is so much to learn forces us to become specialists. But we are required to work in many different fields, so we are stuck...

If we look at people on this forum, who are very, very good at doing a pentest for example? You can count them on one hand... BUT, I believe we all make a huge difference where we work. Without us, the "average" IT Security guys, the "experts" would be overwhelm! 

Finally, it is the same with all types of work. We want the best car mechanic, the best doctor, the best accountant, etc. But hey, we all have to start somewhere...

So again and again, like almost everyone thinks on this forum, certs are part of the equation. They aren't perfect and they aren't everything, but they have their use and their place.

Most of the problem with certification is that the tests primarily consist of multiple-choice tests that merely test your book knowledge or very basic reasoning skills. For example one could likely pass the CISSP or CEH with very little technical knowledge by simply reading the materials and perhaps participating in lab exercises. There of course is a bit of test-taking skill and strategy that comes into play as well.

Understanding theory in IT security(or any science for that matter) is only half of it. I think that more lab-based tests need to become part of the common testing framework. A good example is the OSCP, which is one hard-core technical test.

I've taken the CISSP, CEH, CISA, CCNA, and OSCP. OSCP being a completely practical test is definitely the only one that I feel truly tested skills versus "book smarts". If I'm ever in a hiring situation and I see the OSCP on someones resume they're going to be the first person I bring in for an interview.

I agree with partek.  Demonstration based exams are worth more than knowledge based exams.  OCSP is a good measure of practical ability needed to perform in a pentest environment and does provide a good benchmark for what you can expect from a certification holder.

The problem with demonstration based exams is that they are expensive.  They have to be.  It is much more difficult to test someone's ability to demonstrate concepts than to answer questions about the same concepts.  Employers don't like to pay for certs, especially not high priced certs, because people use them to pad the resume for the next job (at least this has been my experience).  Anyway, there's no perfect cert (as this thread demonstrates), but I agree with partek that those with demonstration based certs are going to get the first calls for an interview (all other things being equal).