Yes, you learn a lot of soul-crushing, horrible things about people but you also learn charmingly benign things about people, like their super discreet PG Harry Potter obsessions.
Anyway, your SOC might not know *everything* you do on your computer, but your forensics team may.
Anyway, your SOC might not know *everything* you do on your computer, but your forensics team may.
Also, like so many dudes use their work laptops for porn on work travel. So many. And some women. Which I would advise against more because of the potential it pops up in an inopportune screenshare or screenshot than any particular security or policy reason. Compartmentalize.
(Annual reminder that "porn mode" hides nothing from forensic analysts or forensic tools. In fact, it typically makes that activity stand out because the records and artifacts log differently.)
Insiders? Sometimes it helps sanity to try to understand why they did it. People get into IP theft because of money problems, blackmail, anger, propaganda, or even just loyalty to someone else. You can't just think of them all as pure evil and ill. It doesn't help you catch them.
At some point you just can't get so mad at the people you catch anymore. You have to save it for the really vile ones, because humans are going to human. You have to stay a little detached and understand a lot about basic psychology and human motivations.
If you're still at that stage of infosec or DFIR where you get viscerally mad at just like, state-backed adversaries and criminal orgs doing low-level crap, please do some introspection and see if that anger is helping you conduct good threat intelligence and understand TTPs.
