For starters, let certifications be a guide not an absolute predictor of information security expertise. The CISSP is the most widely-recognized but various others are respectable as well including Security+ and the SANS GIAC certifications. Look for a vendor-neutral certification such as these if possible, but don't discount someone having a Microsoft, Linux, or especially Cisco-specific security certification. I still believe that hands-on experience is the best predictor of knowledge and success.
For more info on this topic, visit these SearchSecurity.com resources:
This was first published in February 2005