Services
Rico Kerstan is brought in when situations are unclear, requirements are contradictory, and decisions cannot be properly prepared.
When working together makes sense
Rico does not take on routine projects or standardized implementations.
He is brought in when situations have become unclear: contradictory requirements, unclear responsibilities, decisions that cannot be properly prepared. Typically in complex organizational structures, regulated environments, or critical infrastructure.
This is not about more security in the formal sense. It is about better decisions and structures that hold under real conditions.
Three Areas of Work
Crisis Management Exercises and Executive Crisis Training
The core work. No generic scenarios. No pure tabletop exercises.
Exercises are a diagnostic instrument: they make visible who decides what under pressure, where roles become unclear, and what actually works — not just on paper.
For mid-market companies and critical infrastructure:
- Crisis team structure assessment
- Crisis response simulation
- Role clarity under pressure
- Realistic scenarios (not textbook scenarios)
- Afterwards: action plan, not just “that was informative”
Prerequisite: willingness to receive honest feedback.
→ Crisis management training for SMEs
Governance & Resilience Structuring (Critical Infrastructure + NIS2)
Rico steps in where things have stopped working cleanly: unclear scopes, contradictory requirements, missing prioritization.
Not implementation — but clarification:
- What fits the organization?
- What does it actually need?
- What should it not build?
Specialized in:
- NIS2 Compliance Framework
- Critical Infrastructure Governance
- Information Security Management (ISMS)
- Compliance Gap Analysis
→ Compliance & Governance Framework
Executive Sparring at Leadership Level
Direct, without political smoothing. Making sense of situations, challenging assumptions, structuring decision options.
Not coaching. Not facilitation. A space for clarity.
Suitable for:
- C-Level Strategic Decision-Making
- Post-Incident Assessment
- Risk Scenario Planning
- Organizational Resilience Strategy
Methods, Open Repository and Licensing
The methodological foundations — P-DRIVEN, C]ORE, M]ORE — can also be used independently of direct advisory work.
krisensicherOS is the open operating repository by KR Krisensicher for AI-assisted security governance: NIS2 readiness, ISMS basics, crisis readiness, evidence work, and management reviews as operable routines instead of a document graveyard.
→ Open krisensicherOS on GitHub
Training & Crisis Management Training
Organizations can make the approaches usable for their own teams and staff.
For consultants/trainers:
- Methodology Transfer Training
- Crisis Management Certification Program
- Executive Training Facilitation
- Trainer Certification Program
→ Crisis Management Training & Certification
License Partnership for Advisory Firms
Advisory firms that want to work with the methods — for their own clients or as part of their business model — can become license partners.
What is possible:
- Exclusive licensing for your region
- White-label solutions
- Methodology IP usage
- Ongoing support & updates
Interested in a license partnership? → Contact
→ Full Approach: Methodology & Framework
Common questions about crisis management, NIS2, and executive sparring
How are crisis management exercises different from tabletop exercises?
KR Krisensicher uses crisis management exercises as diagnostic instruments. The goal is not to complete a scripted scenario, but to see whether roles, situational awareness, decision paths, and accountability hold under pressure.
When does executive crisis sparring make sense?
Executive crisis sparring makes sense when leaders need to prepare decisions in unclear, politically sensitive, or organizationally complex situations. It structures the situation, challenges assumptions, and clarifies decision options.
What does NIS2 compliance mean beyond formal evidence?
NIS2 compliance becomes effective when governance, accountability, risk assessment, and response capability work under real conditions. The focus is therefore not paperwork, but resilient structures.
Who is KR Krisensicher not a fit for?
KR Krisensicher is not a fit when the goal is only to tick a box for auditors, when a standard product is expected, or when an organization is unwilling to examine its own weaknesses honestly.
When working together does not make sense
If the goal is to tick a box for auditors. If formal requirements need to be met without any genuine change being wanted. If an organization is unwilling to examine its own weaknesses honestly.
Rico works directly and without political smoothing. That is not comfortable for every organization.