How are you staying current? Prior to becoming a CISSP, I'd get this question almost every time at a job interview, but not so much from prospective employers 'after' getting certified. However, I believe that life-long learning is key to our (CISSPs') success. So how are you guys keeping current and honing your skills?
Deviating from this post's original question about staying current, an example I can provide --- from a friend who attended an interview for an IT Security post --- is 'How would you go about securing an HR system to be implemented at multiple international locations?'
His answer to the interviewer was general steps: 'Ensure that portal connections are properly secured with SSL, accounts are properly managed, stored data is secured, & the application & site are properly tested.'
My response would have been: Before addressing the system's security, I'd want to gather information on the proposed implementation --- including what the system will use, what it will cater to, and where it's going to be deployed --- based on which I can determine the adequate security required, and how to implement this.
I can't be sure how an interviewer would perceive my reply --- either he'll agree that assessing a system is an important prerequisite to securing it & will offer some more info; else he'll assume I'm evading him 'coz I can't think of an answer.
The expectations and attitude of an interviewer / prospective employer play a big role in the outcome; alas, we have to work with whatever we can glean about them, without having to rely on a psychological evaluation.