I am seriously considering getting the CISSP. Why? Well, I almost feel like I am missing something by not having it. One of my good friends, whom I respect as a security professional, has had it for a couple of years. There are also two podcasts that I listen to regularly and both individuals are CISSP's. The content of the podcasts are excellent. Specifically, the Security Catalyst is excellent and put on by a CISSP trainer. His insight and topics are very good, much better than most of the podcast and blogs that I read. Of course, that could be a singular instance and not an example of most CISSPs.
I was at a SANS conference last year where I was hanging out with two really sharp fellows when we weren't in the forensics class. We were having sushi and beer when the topic of CISSP came up. They were shocked that I didn't have it yet when I have more advanced certs already. They equated it to a kind of "foot-in-the-door" cert that recruiters look for when scanning applications. I shrugged it off thinking my more technical certs should outweight the CISSP but I am now reconsidering it.
This post is probably more than I want to devote to this topic for now until I talk to a few more friends in the sec biz to get their opinions. There will be a follow-up post about this later along with a post listing all the podcasts I listen to.