Contrarian view. Certifications start conversations and nothing more. If that's what you're after (like I was early in my career)-- they are fantastic. It's a third party attestation for passing the "you must be at least this tall to ride this ride". That said, for all of the many certifications I've gotten, the only three with any lasting value at all were my CIPP (I sat in the second test session so I was one of a very small number certified when I got it), NSA Infosec Assessment Methodology (because even though it was niche, saying I was trained by the NSA was a strong bullet point on the resume for years), and my Compaq ASE because it required a ton of actual capability in order to pass and because it came with a very nice screwdriver that I use 30 years later and long after Compaq disappeared from view. I never once got value from having a CISSP, or Bay Networks, or Cisco, or Microsoft certifications except to list them like alphabet soup on resume or on a title slide. I quickly learned that I was better off demonstrating capability than having a pile of certs.
To make this post more practically valuable, if I was starting over, I would only do certs which required the demonstration of actual, real-world skills. I'd avoid certs in the security space and focus on adjacent areas- AI like Jason mentioned (though probably not CompTIA since it's fairly basic), or Certified Anti-Money Laundering Specialist from ACAMS.org to show that my breadth goes beyond security and into the applied side of that in the fraud space.
