🧑⚕️ Emanuele Tarchi — From Healthcare Operations to Cybersecurity Governance
Building real-world, risk-aware systems for critical environments
I’m Emanuele, a Healthcare Assistant (OSS) transitioning into Cybersecurity Governance & GRC.
After years in high‑pressure clinical environments, I’ve learned how crucial procedures, risk management, resilience, and human‑centered systems are.
Today, I apply that mindset to cybersecurity.
My projects are not academic exercises:
they are real systems, born from real problems, designed with risk thinking, auditability, and governance in mind.
🎯 What I’m focusing on now
- ISO 27001 Lead Auditor (in progress)
- NIS2 compliance & ENISA guidelines
- Risk management (ISO 31000, ISO 27005)
- Business continuity (ISO 22301)
- Building a GRC cyber portfolio based on real-world systems
- Mapping my projects to ISO 27001 & NIS2 controls
- Studying governance for critical sectors (healthcare, maritime, aerospace)
🚀 Featured Projects (GRC Layer Added)
Tuscany Triage System — Clinical Decision Support
A modular CDSS with audit logging, risk alerts, congruency checks, and resilience logic.
Now extended with:
- ISO 27001 control mapping
- NIS2 compliance considerations
- Threat model
- Risk assessment
- Audit plan
CareLink — IoT Clinical Telemetry System
A mesh-based telemetry system designed for resilience and safety.
Now extended with:
- Business continuity considerations
- OT/IoT security mapping
- Logging & audit compliance
- Risk register
- NIS2 sector mapping (Healthcare)
📚 GRC Portfolio (Work in Progress)
- ISO 27001 Gap Analysis
- NIS2 Checklist
- Risk Register
- Business Impact Analysis
- Audit Plan
- Policy Templates
- Threat Models
- Data Flow Diagrams
🧩 Technologies & Frameworks
- ISO 27001
- NIS2
- ISO 31000
- ISO 22301
- ISO 27005
- Python
- IoT (ESP32, ESP-NOW, LoRa)
- Git & GitHub
💡 Why I’m doing this
Healthcare taught me discipline, procedure, risk awareness, and human-centered design.
Cybersecurity governance is the natural evolution of that mindset.
I build systems that are:
- resilient
- auditable
- safe
- clear
- human-first