Certifications
I was an Associate member of the IISP, and a CLAS consultant (now retired). The issue with certifications and examinations is that there was some confusion over what was actually done, and the breadth of experience, instead of just knowledge, required to gain, for example, full membership of the IISP. You not only had to know quite a bit about several different aspects of InfoSec, such as fighting virus infections in networks, business continuity, ISO27001, but have had, and maintained, experience of doing it for real over a period of time.
I failed my full membership of the IISP interview because I had never had to actually deal with a virus as a lead consultant, managed to ensure backups were taken so never had to invoke the full BCP / DR plan etc. Oh, and although I had passed the ISO27000 Lead Auditor course, I hadn't conducted a major audit running a team in the past 3 years.
Contrast this with public examinations for, say, 'A'-levels or degrees, and there is either specific coursework or a formal examination to assess the candidates. When CLAS went to a two-tier hierarchy (just before CESG was transmogrified into the NCSC), looking at my job responsibilities, there was no way I could claim the experience required to get the upper tier, and just maintaining the lower tier would be difficult.
So go for certifications if you must, but there are a lot of intelligent and able information security consultants out there who will struggle to get them if they have to actually have experience of doing the fire-fighting, DR / BCP, auditing every two years, because they will be working on bids, managing firewalls or other such things as their main jobs, and their employers, however keen on staff development, will keep them there because they are good at it.