If you have CompTia Security+ Certificate and had worked with it for 6 years, do you stand the chance to get the CISSP Certificate? And then again is it necessary to have CompTia Security+ Certificate before embarking on your CISSP CERTIFICATION journey?
Since the CISSP is a "management" credential, it's certainly expected that one has some experience in security/risk management prior to going for the cert. That said, having any other certification is not a requirement.
Since you specifically mentioned Security+, while I have never sat for the exam, my understanding is that it's more of an entry level security designation. And while it does help one understand security fundamentals, it tends to focus more on security operations rather than management/strategic issues (this can be said for their more advanced CASP cert). This isn't either good or bad (it really depends on your current role actually). But there is always a tendency to "tier" certifications as we are ingrained with this concept from our school days (you start with primary school, then secondary, then college, etc.). I believe the DOD requirement also supports this.
I think the key is to not necessarily focus on the certification, but the knowledge/skills that they are supposed to represent. I know plenty of people who have more knowledge/experience than required for these certs, but never bothered to attain them. This doesn't really make then any less valuable.
A person inquiring or obtaining certifications can have many objectives in mind, for some, it is an individual accomplishment, and for other, it is job specific and or required. For whatever one's purpose or need maybe, they have to develop their roadmap to achieve their personal goals. That said, Security+ is far from being an entry-level security designation. I would be more inclined to think Tech 1 level is the entry point with A+, Network+, and SSCP (Systems Security Certified Practitioner), which I believe is the associate level to the CISSP. Perhaps, the SSCP might be a more achievable certification for a newbie with a direct mapping to the CISSP. The CISSP tents to be more of a Check-box item than an actual application and or practice. Some people will tell you they never used anything learned from preparing for the CISSP in their workplace because that is not the CISSP purpose, the CISSP is designed more for thinking/strategy and less for the application (hands-on, tactical folks).
And I couldn’t agree with you more, the key is not necessarily to focus on the certification, but the knowledge and skills that the cert materials are supposed to represent. The push for certifications is a government requirement and thus now a contractual necessity.