You can usually spot a fishy situation if you're paying attention. Someone who lies on a resume, doesn't have good references, doesn't pass a background check or just can't back it all up in an interview is not to be trusted.

Give candidates plenty of opportunities to talk and maybe bury themselves. Ask questions like, "What was your best and worst experience in doing security work?" What you're looking for is information on how the candidate handles pressure and whether he tends to blame others or accept responsibility.

I don't waste my time asking things like, "Show me the command lines to configure a DMZ on a Cisco Pix firewall." Anyone can look that up in two seconds. The ability to store command lines in your head is indicative of nothing other than a great memory. Besides, most of these guys have a direct link from their brains to the keyboard and won't necessarily be able to come up with the answer in an interview situation.

After trustworthiness, I look for intelligence. I want someone who can work through a complicated scenario independently and come up with a good answer or a number of options, with all the pros and cons thought through.

No. 2: Set them free