Security seems to be the "buzz word" that MCSE was a few years ago. The big problem is that there are too many certs out there, and many are just too easy to pass without having any practical experience.

Some certs, such as GIAC, actually require a written submission after the testing has been completed. This is a good way of proving knowledge. Others, such as CISSP, require proof of a certain amount of experience behind the wheel, so to speak.

The other problem is that some employers just don't understand certs. I hold the GSEC from GIAC (and plan on doing more certs through them later) and also hold my CISSP. In a recent informal job interview, I was told "Well, yes, but we want a Security+ certification".