Post
Topic
Board Development & Technical Discussion
Merits 1 from 1 user
Re: How do you manage your private keys to make transactions? (offline storage)
by figmentofmyass on 16/02/2018, 23:48:30 UTC
⭐ Merited by squatter (1)
There are three ways that I can think of to store your private keys safely (offline).

1) Having a hardware wallet (Trezor, Ledger, and so on). The problem: Having to trust their custom RNG, their whole hardware, that there will be no surprises (see trezord.exe phoning home)

2) Having a paper wallet (encrypted with BIP38). The problem: You can easily lose a piece of paper. The paper can also degrade over time. You would also be stuck with a single public key to get payments, so you would need one piece of paper per address... not good if you need to create new addresses constantly to receive payments. Controlling coin inputs and outputs is also harder without software involved.

3) Having an offline airgapped computer with Linux: This looks like the safest option to me. The problem: You need to pre-sign the transactions and Bitcoin Core does not have good support to do this so you are stuck with making raw transactions by hand which is a bit of a mess, then you need to pass this raw transaction into your online node. Armory has a nice GUI to do this but I wouldn't trust it too much. Electrum.. wouldn't trust my main stack to be held by an Electrum wallet (too paranoid about the seed being derived somehow)

So how do you personally manage your private keys in cold storage in order to make your transactions?

i have most of my coins stored in cold storage, both paper wallets and encrypted .dat files on thumb drives and CDs. moving my real cold storage (and restoring it to new cold wallets) is inconvenient and difficult by design. an air-gapped electrum wallet is definitely necessary for my day-to-day transactions. there's no way around that for me.

i only keep < 10% of my coins in air-gapped spending wallets... but i'm still at a loss for how core's HD wallet seed is so much more secure than electrum's. my paranoia (which is pretty high level as it is!) is more about malware that makes its way onto the thumb drive i use to transfer/broadcast transactions.
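The thumb-drive concern above can be narrowed on the air-gapped machine by decoding the transaction that arrives on the drive and comparing its outputs with what you intended to pay before signing. The following is an added example, not code from the post or from any wallet mentioned in it; the function names and the sample transaction are constructed for illustration, and it only reads outputs (it does not sign or validate inputs).

```python
import struct

def read_varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def tx_outputs(raw_hex):
    """Return [(satoshis, scriptPubKey hex), ...] from a serialized transaction."""
    buf = bytes.fromhex(raw_hex)
    pos = 4                                   # skip 4-byte version
    if buf[pos:pos + 2] == b"\x00\x01":       # segwit marker and flag, if present
        pos += 2
    n_in, pos = read_varint(buf, pos)
    for _ in range(n_in):
        pos += 36                             # previous txid (32) + output index (4)
        script_len, pos = read_varint(buf, pos)
        pos += script_len + 4                 # scriptSig + sequence
    n_out, pos = read_varint(buf, pos)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(buf[pos:pos + 8], "little")
        script_len, pos = read_varint(buf, pos + 8)
        script = buf[pos:pos + script_len]
        if len(script) != script_len:
            raise ValueError("truncated transaction")
        outputs.append((value, script.hex()))
        pos += script_len
    return outputs

def diff_outputs(raw_hex, expected):
    """Return (extra, missing): outputs you did not expect, and expected ones absent."""
    actual = tx_outputs(raw_hex)
    extra = [o for o in actual if o not in expected]
    missing = [o for o in expected if o not in actual]
    return extra, missing

def build_sample(outputs):
    """Constructed unsigned transaction: one input with an empty scriptSig."""
    tx = struct.pack("<I", 2) + b"\x01" + b"\xab" * 32 + struct.pack("<I", 0)
    tx += b"\x00" + b"\xff" * 4 + bytes([len(outputs)])
    for value, script_hex in outputs:
        script = bytes.fromhex(script_hex)
        tx += struct.pack("<Q", value) + bytes([len(script)]) + script
    return (tx + bytes(4)).hex()              # 4-byte locktime of zero
```

Sign only when both lists returned by `diff_outputs` are empty; the expected list should be written down on the offline machine, not read from the same drive.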