IDG Answers is a community of experts who are passionate about technology. Ask a question or answer one below.
Certification is not the ultimate goal, knowledge and experience is. Certification is just official confirmation of knowledge and skills you have by vendor, that you can work with their devices or operating system and you understand technology.
This part of your thought is correct: "... and also you must spend your entire life *studying*". You will not be very successful if you do it just to get certification and then stop. Work in IT is about constant studying, learning and getting new knowledge.
If you're saying it bothers you to recertify CCNA every 3 years, and then considering making CCIE - do you even realize how much work, knowledge and resources (money) is required to pass this exam? And that you need to recertify CCIE every 2 years? By the way, passing exam from CCNP renews your CCNA as well.
Obviously, the answer to your question depends on what you hope to accomplish in your career. Certainly, the CCIE is a hard certification to get and it can open a lot of doors for you. Demand for experienced Linux professionals is growing, too, so if Linux is an interest of yours, that is a great place to start. As for expiration of certifications, that depends on the certification in question. While I’ve never heard of any certification expiring annually, training from the Linux Foundation, for instance, doesn’t result in a classic certification at all (however its training for administrators is geared more toward performance tuning, not a security specialty). As for Red Hat certifications, the company says that they generally stay valid for three years, but they recently changed their policy so that certifications expire at the end of the calendar year, rather than three years from the month that you got it, that may be where some of your confusion lies.
Be aware that the Red Hat Certified Security Specialist has a pre-requisite of a Red Hat Certified Engineer and Red Hat has recently instituted a requirement of a lower-level cert, the Red Hat Certified System Engineer, before you can take the RHCE. So any track you take to become a security expert will require a lot of hard work and study. Both areas you are considering, Cisco or Linux, are well received (and sometimes even required) by employers. It all comes down to which technologies interest you most. A good place to start may be the CompTIA certs as this organization offers courses in general security training and in Linux. It’s Security+ cert is not as highly coveted at the CCIE, but it’s a respectable certification and can give you a taste before you commit to a full engineering track from a particular vendor.