I've been thinking about getting my Security+, Certified Ethical Hacker and Certified Information Systems Security Professional (CISSP) certifications.

Thoughts?

 

CISSP is not a joke, and it's highly compensated.

What are your goals? What position do you want to be in 5 and 10 years from now? How old are you? What systems are you familiar with? That has an impact on your certs.

I'm an Info Systems Auditor for my company. I'm not well versed on certs, don't hold any myself, but CISSP is at the top.

Look at job postings for positions you will be interested in 5 years from now. See what they're requiring and what's preferred, that'll give you good guidance.

I'm looking at an Advanced Info Security Analyst position right now, and they're looking specifically for GSEC or Security +

There's also a posting for a Manager of Disaster Recovery / Business Continuity, and their preferred qualificatoins include:
•Comptia Security + Certification
•(CAPM) Certified Associate Project Manager
•(CBCP) Certified Business Continuity Professional within one year
•(CISSP) Certified Information Systems Security Professional designation
•5 years "hands on" security management toolset design and implementation experience

You can also consider a CISM for a stepping stone.