My long-standing and constantly reinforced view is that certifications are basically worthless and that certification companies are mostly just money-making machines, pure and simple.
For example, I was a well-known Internet security expert long before I took the time to get my CISSP certification. But I thought (one day, a long time ago in a spacetime far, far away), hey! I'll sit for the CISSP exam so I can put "CISSP" behind my name and hang out with CISSPs.... haha
Honestly, I enjoyed studying for the exams, and when I finally sat for them, I finished hours ahead of schedule, to my surprise. I passed the entire CISSP battery of exams with flying colors and proudly flew the CISSP flag after my name for many years. For a year I was a featured ISC2 blogger on their site.
Then I noticed that almost every CISSP I met had almost no operational experience, only textbook knowledge. I noticed that the world was pregnant with "certified experts" who had no true operational experience against a real cyberattack and no general data center operational experience. Most of the certified people I started to associate with were "cybersecurity or IT armchair quarterbacks" who talked a great game but had never been on the field. This was amazing to me.
Then I noticed that the organization that controls the CISSPs had a system of "professional credits" that were required every year to stay certified, and that many of these "continuing professional development credits" came from their commercial partners. For example, if you took a class from a partner of theirs, or you subscribed to a magazine (this is crazy!) on the list of "recommended magazines", you could get "credit" to keep your CISSP!
However, if you wrote a bunch of great blog posts about actual real experience defending the real world against real cyberattacks, or published a paper in a journal not directly associated with them, you got zero credit. In other words, the CISSP "system" turned out to be a kind of commercial enterprise which churned out a lot of unqualified, but certified, people.
I finally just gave up on my CISSP cert because it was useless and a kind of farce: the more CISSPs I met, the more people I met who had a lot of book knowledge about cybersecurity but most of whom, I would say 90 to 95% or higher, had no true hands-on operational experience defending high-value networks. Most had never even done any system admin on a critical server!
My advice has always been to get hands-on experience and stay hands-on and operational. If you are too inexperienced to get hired, then create your own project (be a doer, not a talker) or join an open source effort (volunteer and contribute); write code, write code, etc. Do sys admin. Never become an armchair quarterback who claims to be an expert because they got certified.
On the other hand, I enjoyed all my studies when I prepped for my CISSP exam, and I did learn a few good things from my exam prep time, but only because I had many years of hands-on operational experience to validate and apply the theory to. I have met a few CISSPs who were "operational" and great people (few and far between, however).
Compared to the multitude of certified people who claim to be experts, I can name very few with hands-on operational experience who have ever worked in a data center or been a sys admin of critical infrastructure.
In closing, certs are "OK"... if you want to do them; but nothing is more important than continued hands-on experience at the system level, learning new skills, coding, writing solutions, building and securing systems.
In my very biased view, 100 certs are less valuable than a few years of hands-on, system-level (admin / system programming) experience with mission-critical IT infrastructure.
Cheers!