Hmmm....there are many many different aspects to security. Security Architects for example, dont necessarily need to understand the details of CVEs, but the general principles of defence in depth when architecting solutions.
Similar to medicine or any other fields, there are sub areas that require specific experience. CISSP gives a good foundation for the security assurance type of roles. Those are security as well. I wouldnt focus only on CISSP if i was after a security engineer, a role that requires specific skills.
