
Actually cyber security is one area where a lot of certs are a strong negative signal. They basically broadcast course-taking and cert-chasing over real world experience. If you have an OSCP cert I will treat that as a potentially good signal, but if your CV includes CISSP I will walk into an interview with low expectations and if it has CEH or similar wastes of time the recruiting lead would have known to filter the CV out so that I do not even see it. This is for FAANG environments though, so maybe if you are aiming for a corporate cube farm in a smaller market other certs will be useful. Just not with me.


OSCP vs CISSP is a ridiculous line to draw, they cover very different job types.

I don’t know what jobs you’re hiring for, if any, I simply don’t see how more data is a negative signal.

I think that’s silly.

I disagree with the entirety of your reply, except for the CEH zinger ;)


As a Red Team manager with both the OSCP and CISSP, in my opinion neither is worthless but they are oversold and they aren't really comparable.

The CISSP is a risk management cert that's sometimes oversold as an infosec cert. It's been quite useful to me in dealing with the (Fortune 1000 mostly) bureaucracies that take Red Team and pen test findings and turn them into remediations or risk acceptances.

The OSCP is a technical cert that's oversold in a different way: because the test is fairly difficult, lots of people assume it's an advanced cert. It's a beginner cert (and Offensive Security has several more you can take after it). What it does prove is that you probably have the right mindset to be a penetration tester (which is not necessarily the same mindset you need for Red Teaming, i.e., unannounced adversarial simulation).

tl;dr: I don't think any cert is bad as long as everybody understands what it's for. But I'm one of those people who collects them (at employer expense) as a way to structure my learning, and then never renews them.


SANS certs? CCIE? GSE? OSEE?


SANS certs are great



