Never trust an IT security geek that can't pick a lock, plan a defensive posture or be clinically diagnosed with extreme delusional paranoia.
No argument there, but from a job perspective, the folks managing the network devices are separate from the folks managing building security. Not only are they separate groups, they aren't even able to work in cross-functional groups because of policy (once again, my experiences, yours may be different).
Yea, I need to dig out my CISSP books, study them a bit, and go take the test. I've met legions of CISSP'ers that knew little to nothing about security, so it obviously can't be that hard.
The material isn't hard, there's just a lot of it and it covers a very wide range of topics (though not to any great depth). It's really just a lot of memorization. In all honesty, it's overkill for someone who's only job is managing a few routers or firewalls. Those folks are better served by Cisco's security track which leaves out the non-IT stuff and focuses on actual IT security topics. If you take the CCNA Security class, you'll know more about securing routers and switches, configuring firewalls, and general network security than any CISSP.
I'm going to jump back in once the 5th Ed of Shon Harris's book is released in a few weeks. Unless work gets too busy or I get derailed by "real life", I'll probably be ready to take the exam by this Summer.
Chris
