It’s not clear to me what you’re trying to say? I specifically mentioned that there are roles that require certs due to government regulations, and at companies worth working for, you get hired as you are and they pay for you to hit whatever checkbox certs the role needs on paper.
We aren’t on the same page. CISSP is not a goal. For security jobs, there’s 3 possible states with regards to certifications (CISSP, SEC+, etc):
1. Your employer doesn’t care about certs, and their customers don’t care about certs, and so you don’t need to worry about certs.
2. Your employer doesn’t care about certs, but they have customers (like the government) who believe erroneously that certs are desirable. So your employer pays for you to go get the fancy piece of paper so their customers will pay them. This is no different than any other checkbox requirement from the customer.
3. Your employer cares about security certs. This is a sign that you don’t want to work there.