Half the folks don't have a knack for methodical troubleshooting. Doesn't matter whether they are certified, experienced, or not. Some folks don't have the common sense to simply tell someone, "I'll find out later" AND put forth the effort in finding the answer themselves.
I mentioned the CISSP which has a similar problem... the requirements are X number of years in the security industry but 90% of the people I know with a CISSP are project managers.
The problem is boot camps. When you can pay $5k and have the answers drilled into your head for a week, of course anyone can pass.
Problem is you can't gain the experience without a CISSP, for the most part. You have to get lucky that you're either promoted or transferred to a security position. That needs to change at the entry level, so these folks can get the relavent experience. Then apply to take the ISC2 or CISSP....One does not necessarily have to obtain an MSCA or MCSE just to get a foot in the door. You are not applying for a sysadmin gig when starting out. At this point, A+, Net+, and ITIL are seen as the gatekeepers.