[bitexploder]

Ultimately, hiring managers in aggregate decide which certificates are good. I can honestly say most of the time if someone has very many certificates listed on their resume their odds of making it through our hiring process are pretty low (information security consulting). There are only a couple of certificates that come to mind that are interesting. OSCP is one. The upper level Cisco certificates are well regarded. If I see a new certificate on someone's resume I look it up.

Everyone familiar with Cisco's certificates knows the CCIE is really hard to get because you have to actually demonstrate competence at fixing broken networking in a complex environment. Which leads to an interesting point. It is effectively a work product assessment. If someone can get a CCIE they can probably wrangle your network architecture too. It is similar to how we hire folks. OSCP is similar in that there is a practical part to their certifications. You have to demonstrate actual competence to get one of their various certs.

Contrast to CEH/CISSP you just multiple choice a bunch of facts. Literally, almost anyone, could sit down and cram for 4-6 weeks and get a CISSP. Even people that don't know much about how technology and computing works. Tests like the Bar exam also go far beyond multiple choice, having essay components and very complex questions in most cases.

I think it boils down to a simple thing: do enough people who know about the certificate and how difficult it is to acquire say it is actually difficult and or practical in a meaningful way. Equifax could have crafted such a certificate and it certainly would have been a blow to certificate holders if it was a good certificate with a convincing practical setup like OSCP or CCIE. The rough heuristic I always hear is what you said "Certs are garbage" -- someone else will pipe up, well I guess OSCP is alright, etc.