There are two stages of a security career: Before you know the truth of what you read in the news on an incident, and after, when you know exactly what happened and can't say a single fucking thing.
There are compensating controls and defense complexities that delayed or simply didn't work in many cases, through even further complexity. A narrative of how the attacker made 1=1 is not the complete story but telling that is so full of minutia and NDA it's basically not worth trying.
With respect: skill issue.
Storytelling requires understanding the full dependency tree of how the thing came to be, absolutely. And some of those factors may well be NDA'd.
But conveying the narrative of what happened does not require a full prospectus of those NDA'd components - it's fine to elide it to "a library function was called that had this effect".
Not every detail is required for the narrative to make sense and to provide useful information. Nobody cares what color hat Jack the Giant Killer wore when he climbed the beanstalk; they care about the goose with the golden eggs and how he got hold of it.
