How are you staying current? Prior to becoming a CISSP, I'd get this question almost every time at a job interview, but not so much from prospective employers 'after' getting certified. However, I believe that lifelong learning is key to our (CISSPs') success. So how are you guys keeping current and honing your skills?
Occasionally picking up another cert, reading websites daily for cyber news, helping others, participating in forums, listening to podcasts, reading (or listening) to books (not just cyber security but others too).
I also look to attend conferences, take webinars, have vendors demo their products, etc.
The only thing I might add to Scott's list is Presenting at conferences. Presenting forces me to become more familiar with the subject and also in talking to the audience, I sometimes gain information that I did not have.
Besides the obvious (reading, learning, getting certified, speaking, presenting), actually doing work in the field and encountering a multitude of environments, each with its unique challenges and degrees of complexity, is quite helpful.
Every new engagement is a learning opportunity.
Like @rslade said, there's a 'right' answer & most are probably going to provide that, so you'd want to make yours stand out --- but depending on the interviewer's mentality, how you do that can get you shortlisted or just taken off the list.
Besides what's already been mentioned here, I think interacting with others plays a part, not only via forums & presentations. You'll be able to get an idea of the impact of IT & how Security is exercised & perceived --- on multiple levels & in different environments.
If an employer values employee awareness, emphasizing interaction may help.
(Okay, I confess --- I haven't attended an interview for quite some time now.)
I missed out the part where you pass on your knowledge during an interaction, but that goes without saying...
It's an odd question, and relatively easy to answer, but not one you can particularly stand out by answering. It would be more telling if they asked what you have done to become a better security professional in your career and why. But it's like they are looking for an answer that matches a checklist, as if it's a mandatory HR-driven question they have to ask.