Story of a (Security) Book
A story of "lies" to tell the truth when writing a book on Security
“It’ll be done in a few months” was probably the first lie. Many, many months later that’s the first confession that comes to mind. When I was first approached to collaborate on my latest book, I estimated as I’d always done: Optimistically, bordering on the fantastical.
Fortunately the lies tailed off there. Patience was still needed, no good thing is ever born in a rush despite what people might think sometimes, but it’s fair to say I am very, very proud of the outcome of so many months, even a year or so, of work in the shape of “Cloud Native Application Protection Platforms: A Guide to CNAPPs and the Foundations of Comprehensive Cloud Security”.
Steve and Taylor, writing collaborators par excellence, were the engine of what a CNAPP could do and I did my best to bring the true — if anonymised — stories that look to light up the features. There’s a reason I’ve been called a “Technical Raconteur”; features and facts alone do not a compelling experience make (in books and products), so the stories really matter.
Note: I’m giving a talk on this very subject, storytelling, at DigiFest in Eastbourne this week. Any product or service you provide interferes with, ideally enhances, the user’s stories. Stories are one of the best ways we know if something has had a positive or negative impact on our lives.
I’m a storyteller, a raconteur, and I can live with that. I’m also deeply technical and write code as well as prose and poetry every day. It’s not exactly a choice, more a compulsion.
As a storyteller I look for — some might argue, obsess over — the human experience in everything I work with. Just as a journalist looks for the human side of real-world events and, ideally, facts, I do the same with technology. This has the side-effect of bringing me in contact with lots of people that I love to meet, and helps me be a stronger engineer and product owner because I’m not as interested in the features as I am the lived experience of my users.
I want to know how every product I curate, every book I write, and every thing I do in tech might embrace people and their own stories. Accidentally, but not without pleasure, I tend to appeal to the Elephant and the Rider, and that helps it look — naively I think — that I am good at “selling a product or service”. If by selling you mean I look to build empathy with current and potential customers and users through exploring their stories and placing a technology product or service within that world as a truly positive force, then I’ll take that accolade.
“…the lie that tells the truth.”
But I’m never lying. That’s the difference between storytelling and the specialism of advertising. A story is on a spectrum of fictionalisation (from fact to complete fiction) and, as a dose of fiction, it is the lie that tells the truth. Advertising is the lie that looks to sell. Good advertising delivers its lie with an ounce of probability in the truth it is trying to show (advertising is still storytelling after all). A good story delivers its lie with an overwhelming amount of truth that you’re looking to land.
I’m never looking to “sell”. As soon as my stories drift into manipulation through negligence, trust sits on a cliff edge and authenticity is at stake. If my stories veer too close to advertising — lies within lies to make you do something — my gut is the first one to tell me. I want to deliver truth in the form of a story, to help the person encountering the story to realise something, not to tell them what to do about it, i.e. “buy this stuff”. The difference is subtle but my gut knows.
In this latest book I tell a story. I weave together a set of experiences where, in small and large ways, security was compromised to illustrate how a CNAPP can help. My stories deliver that truth.
The details might have been changed, the conversations might have had more expletives than a friendly publisher like O’Reilly Media would feel comfortable with, but the situations were real and that’s something I hope our readers enjoy. I try to set the stage so we’re hungry for Taylor and Steve’s incredible security knowledge and perspective. They and the reader really deserve it!
Yesterday I had the pleasure of ripping open a box of copies of “Cloud Native Application Protection Platforms”. A quick scan reminded me of the stories and the information we’d collectively crafted all those months ago. It’s a book I’m proud of.
I think it’s also a pretty good example of how stories can help a very nuanced technical subject be approached. It’s the stories that helped me navigate the brilliance of Steve and Taylor, and so I hope the stories in the book offer a breadcrumb trail for others to follow to get as much out of that security knowledge as I did.
And that’s really the point I guess. I tell stories so that incredible people in tech can be approached and understood. What they know is worth knowing but getting there is not always an easy journey. Not every engineer or technologist is a Sagan in the making. For those folks, I’m there.
I can jump from the technical facts to the motivating and exciting stories, that’s a skill I’ve developed over the years. It’s a skill I’ve had to learn because, honestly, I’m not excited about the features. It’s great what a product, even a whole platform, can do, but, to coin Shania, that don’t impress me much.
I’m not (initially) excited by the features, or the numbers, or the facts alone. I’m excited by the stories.
So perhaps forever a Technical Raconteur I’ll be.
I can live with that.


