Registry Lock isn't something most retail registrars will offer, because generally, the vast majority of registrants don't really need it. It's not something you can just put into your domain management panel and roll out to everyone because of all the hoops required once enabled.
That said, Brian Krebs does need it on his domain(s) for obvious reasons - his domain is a massive target for hacking - and so it's enabled on his domain with specific procedures around how updates happen when required which I won't get into.
Beyond Registry Lock, the best way to secure your domains is to have them in an account with a random username (prevents guessing to aid in social engineering vs. "firstlast" or "flast"), a strong password and 2FA. Perhaps consider a unique account email address that you only use for that registrar account since losing control of that could result in losing control of your entire domains account and all the domains in it (assuming you didn't use 2FA).
On the Registrar side, look for one with good protections to ward off social engineering against the account and domains. In our case, we have a system that requires the account holder's specific consent (obtained via account email) to have a support person view personal information or access the account.