Employee investigations teams (forensics)

Hey all,

Been a forensics analyst focused on intrusion based examinations and have been asked to move over to more internal investigations of employee behavior.

Has anyone here done both and missed one or the other? I'm concerned my cyber security investigation skills will dwindle quickly by only conducting investigations of users performing exfiltration of data, or publicly posting passwords, using sketchy software to bypass controls or logging in from sanctioned countries to name a few tasks.

Do you think …

analyst bypass controls countries cyber cyber security cybersecurity data employee employee behavior exfiltration forensics hey internal intrusion investigation investigations logging logging in name passwords performing quickly security skills software teams