This has been my plan for the past 3-4 years when I pretend to myself I will stop slacking:
CCIE(s) (of note... I've actually studied for +10 years now on this... Google sucks! http://www.mail-archive.com/cisco@group ... 04919.html
CISA + HISP (to annoy)
CREA || GREM (find it fun/interesting)
OPSA + OPST + ISRM (more geared towards reality for me)
CCIE(s) I've been fiddling with for years now... Lab part scares me not the content. CISA + HISP is to annoy people. CREA + GREM because they look fun. OPSA + OPST + ISRM because they make more sense for me.
The reality is though, I don't know what else to do. Sometimes I get bored with security, even more bored with certs. The certs have become the challenge to me, not the technology. I'm still awaiting the results for the CISM which some come within the next 10 days. I wanted to beat the authors with a cluestick. I had to "dumb myself down" and answer to the business side of security as opposed to the technical/defense side of things. So I'm having to try to figure out what it is INSERT_SPECIFIC_BODY_HERE wants.
Who knows what route I'll take but I will figure it out shortly. I thought about going the Juniper route since I'm immersed in SA's and SSG's daily, but that too annoys me. 2 months ago I had to configure and deploy 10 SSG's (small number) with pre-defined tunneling information provided by the client. Had them all down with t's crossed, I's dotted only to have the client fudge the whole game up. I literally had to re-do them remotely on site which left me annoyed with SSG's because of my client. I may do the JNCIS-SEC who knows but I've had it up to ^here^ with vendor-specific certs. I'm keeping an eye on the ISRM though (http://www.securityhorizon.com/aboutISRM.php
) and for those unaware of it, its what the NSA-IAM/IEM used to be.