(First of all, Congrats on the hire)
This post caught my eye because I end up doing most of the technical interviews for my firm.  For the rest of the folks out there that might be interviewing in the near future, make sure to try and get a specific job description in addition to the title of the position.  Most of the people I interview are sent to me by the HR/Recruiters, and all they've been given are a generic job title and description (ie "IT Security Consultant").  The problem is that we are usually trying to fill several positions at once, and since the recruiters don't have the background to understand most of the technical aspects of the job they just throw all of the "security guys" together and send them to us.  We are expected to figure out during the interview what position, if any, the person would fall into.  So, as a bit of advice, try to find out before hand the specifics of the actual position for which you will be interviewing.  Most of the time the position will fall into one of three slots: auditors, vulnerability assessment, and pen testing.  If you see audit key words (controls, regulations, etc) you'll be expected to speak to stuff like SOX, HIPPA, FISMA, and so on.  If you see general security words (common tools, scanners,etc) then expect to be able to speak to the general OSI model, the scanners, types of exploits, stuff along the lines of the original poster's questions.  If you see anything about doing manual exploits then you'd better be comfortable speaking to application hacking, zero day exploits, client side attacks, and so on.  There is nothing more uncomfortable for the interviewer and person being interviewed than when the person being interviewed is completely in over their head.  Just my two cents...

Bill,
  I've been a reader of the site for awhile, just never made an account.  Hopefully I'll bring something to the table other than comic relief.

Congrats