There are lots of subfields of security. (for instance I really wish I knew more about appsec; by far my weakest area, working on it.)

However, CISSP is a worthless piece of paper for IT security managers, crypto custodians, developers, pentesters, and auditors.