Let me start with a confession.

I have a law degree. Not computer science. Not software engineering. An LLB from the University of Buckingham, with modules in contract law, tort, and constitutional law. And yet here I am, over twenty years into a career in enterprise cybersecurity — leading identity and access management programmes for several both public and private sector clients, building SaaS products, advising on governance frameworks, and writing about emerging threats for an audience of CISOs and security architects.

Nobody handed me a technical certificate at the door.

I tell you that not to be self-promotional, but because the number one myth holding capable, intelligent people back from the technology sector is the belief that you need a technical background to get in. You don’t. What you need is clarity about where your existing skills are actually valuable — and the willingness to learn enough of the language to operate fluently in technical spaces.

In 2026, that opportunity has never been larger. And some of the most exciting doors are ones that barely existed five years ago.

Why the Tech Industry Needs People Who Aren’t Technologists

Here’s something the industry doesn’t say loudly enough: technology is increasingly failing because of problems that technology cannot solve.

Projects run over budget because no one translated the technical requirements into business language clearly enough. Products get built that nobody wants because the people who understand the users weren’t in the room when decisions were made. AI systems get deployed that no one can adequately govern or explain because the people who understand regulation, ethics, and accountability weren’t involved until it was too late. Security strategies get signed off that look impressive on paper but don’t reflect how the organisation actually works — because the people who wrote them didn’t understand the operational context.

These are people problems. Communication problems. Governance problems. Strategy problems.

Which means they are precisely the kinds of problems that people coming from law, finance, healthcare, teaching, communications, project management, social sciences, and a dozen other non-technical backgrounds are often uniquely positioned to solve.

The technology industry doesn’t just need more engineers. It needs more people who can sit between the technical and the human — and make sense of both.

The Roles That Don’t Require You to Write a Line of Code

Business Analysis

This is one of the most underrated entry points into tech, and one of the most natural pivots for people coming from operational, finance, or consultancy backgrounds. Business analysts are essentially translators — they sit between what a business needs and what a technical team builds, and they make sure those two things are actually aligned.

Strong analytical thinking, the ability to ask the right questions, document complex requirements clearly, and hold a room of stakeholders together — these are the skills. The technical vocabulary can be learned. The instinct for structured problem-solving usually can’t.

If you’ve managed projects, written reports, run process improvement initiatives, or spent time in a role where you had to take messy information and make it legible — business analysis will feel like home.

Product Management

Product management is arguably the most coveted non-technical role in tech, and for good reason. Product managers own the vision and direction of a product. They decide what gets built, in what order, and why. They speak to customers, interpret data, manage stakeholders, write roadmaps, and ultimately take accountability for whether a product succeeds or fails.

It’s one of the highest-leverage roles in any technology company — and some of the best product managers I’ve encountered came from backgrounds in education, journalism, healthcare, and the law. The common thread isn’t technical expertise; it’s the ability to hold complexity without collapsing it prematurely, and to make decisions with incomplete information.

Cybersecurity — Especially GRC

I’m going to spend a moment on this one because it’s close to my world, and the talent shortage here is genuinely acute.

Governance, Risk, and Compliance (GRC) within cybersecurity is a discipline that sits almost entirely in the intersection of regulation, policy, process, and human behaviour. You need to understand frameworks like ISO 27001, NIST, and the UK Cyber Essentials scheme. You need to be able to write risk assessments, conduct audits, manage policies, and translate regulatory obligations into operational controls. You need to be able to communicate risk clearly to boards who don’t understand technical jargon.

None of that requires you to configure a firewall or write a security script. It requires rigour, attention to detail, legal and regulatory literacy, and the ability to build governance structures that work in practice rather than just looking good in a document.

People with backgrounds in law, compliance, finance, and audit are natural fits. The technical fluency you need can be built incrementally — the conceptual foundation is already there.

Technical Writing and UX Writing

Every piece of software has documentation. Most of it is terrible. The people who can write clearly, empathetically, and precisely about technical subjects — translating complex functionality into language that real users can follow — are genuinely in demand across the technology sector, including in AI companies, developer tool companies, and large enterprise software vendors.

UX writing is the specific discipline of writing the microcopy inside products: the button labels, error messages, onboarding prompts, and instructional text that determine whether a user feels guided or lost. It sounds small. It’s actually the difference between a product people adopt and one they abandon.

If you have a background in communications, journalism, English, or any discipline that trained you to write with clarity and precision, these pathways are wide open.

Customer Success and Solutions Engineering

Enterprise technology is sold, implemented, and supported by people — not just code. Customer Success Managers work with enterprise clients to ensure they’re getting value from the products they’ve purchased. They need to understand the product deeply, understand the client’s business, and build relationships that prevent churn and enable expansion.

Solutions Engineers (sometimes called Pre-Sales or Sales Engineers) work at the intersection of sales and technical depth — they help prospective clients understand how a product would solve their specific problems. The best ones come from backgrounds where they’ve had to quickly understand complex domains and communicate them credibly under pressure.

These roles can pay extremely well in enterprise SaaS, and they reward people skills, business acumen, and domain expertise as much as — often more than — purely technical credentials.

The Emerging Spaces: Where the Next Wave of Opportunity Lives

AI — But Not the AI You’re Thinking Of

When most people hear “AI jobs,” they imagine machine learning engineers running neural networks. And yes, that market is competitive, technical, and requires specialist education.

But the AI economy is generating a much larger ecosystem of roles that don’t look like that at all.

AI Product Managers are needed to define what AI-powered products should do, who they serve, and how they should behave — including how to handle failure, bias, and edge cases. This is a deeply human and strategic role.

AI Trainers and Evaluators — sometimes called RLHF specialists or Red Teamers — are people who test AI systems, identify where they fail, and provide feedback that shapes their behaviour. Accuracy, critical thinking, and domain expertise matter far more than coding ability here.

AI Ethics and Governance Specialists are arguably the fastest-growing adjacent role category. The EU AI Act is now in force. The UK is developing its own regulatory framework. Every company deploying AI at scale needs people who can navigate the compliance obligations, define acceptable use policies, conduct impact assessments, and build accountability mechanisms around automated systems.

Lawyers. Policy analysts. Social scientists. Ethicists. Compliance professionals. The technology industry desperately needs your perspective here — and most of the people making decisions in this space right now are doing so without it.

Prompt Engineers and AI Workflow Designers — designing the way AI systems receive and process instructions, and how they’re integrated into organisational workflows — is a discipline that rewards clear thinking, an understanding of human communication, and a systematic approach to problem design. You don’t write the AI. You architect how people and teams interact with it.

Quantum Computing — The Long Game

Quantum is earlier stage than AI, and I want to be honest about that. Most quantum computing roles today are still heavily research-oriented and do require deep technical backgrounds. But the industry is maturing, and a new category of supporting roles is beginning to emerge that looks different from the research lab.

Quantum Strategy and Policy roles are being created by governments, financial institutions, and defence contractors who need people who can assess the strategic implications of quantum technology — for cryptography, for national security, for supply chain resilience — without necessarily being able to operate the hardware themselves. McKinsey projects that only half of the quantum jobs that will exist in the coming decade may be filled due to talent shortages. The people who position themselves now — building conceptual literacy in post-quantum cryptography, quantum risk, and quantum policy — will have a significant first-mover advantage.

Post-Quantum Cryptography (PQC) Transition is perhaps the most immediately relevant opportunity for people with cybersecurity governance and compliance backgrounds. Organisations across financial services, government, and critical infrastructure are beginning the process of migrating their cryptographic systems to quantum-resistant standards. This is a governance and programme management challenge as much as a technical one. NIST finalised its PQC standards in 2024. The migration timelines are being set now. The people who lead those programmes will need to understand the risk landscape, engage with regulators, manage vendor relationships, and communicate complex technical transitions to boards.

That is not a purely technical skill set. It’s a hybrid one. And the window to develop it is open right now, before everyone else arrives.

GRC for Emerging Technologies

Regulation is following technology at an unprecedented pace. The EU AI Act, the UK Cyber Resilience framework, DORA, NIS2, the Cyber Security and Resilience Bill — organisations across every regulated sector are navigating a landscape of compliance obligations that most of their internal teams are not equipped to interpret or implement.

People with legal training, financial services compliance experience, public policy backgrounds, or even theological ethics (the principles translate further than you’d think) can move into technology governance roles and immediately contribute in ways that pure technologists cannot.

This is a space where your existing expertise isn’t a liability you need to overcome. It’s the asset.

The Practical Question: How Do You Actually Make the Move?

A few things I’d say from experience, watching people make this transition well and watching others get stuck.

Stop waiting until you feel ready. The people who successfully move into tech don’t wait until they know enough. They move into adjacent roles that stretch them, learn on the job, and build technical vocabulary through proximity and practice. Readiness is a horizon — it keeps moving.

Get the certification, not the degree. For most non-technical routes into tech, professional certifications are worth more than a second degree. CompTIA Security+ for cybersecurity fundamentals. The BCS Business Analysis certificate. The IAPP certifications for privacy and AI governance. The CISMP for information security management. These are relatively accessible, widely recognised, and demonstrate intentional commitment to the field.

Learn the language without needing to speak it fluently. You don’t need to understand how OAuth 2.0 works mechanically. But you do need to understand what it does, why it matters, and how to have a conversation with a developer about it. Conceptual literacy — understanding enough to ask the right questions and contribute meaningfully to technical decisions — is a realistic and achievable goal.

Find the translation role. The most successful lateral movers into tech are the ones who don’t try to compete with career technologists on technical ground. They find the space where their background gives them an advantage — the boardroom, the client relationship, the regulatory conversation, the governance framework — and they become indispensable there.

Build in public. Write about what you’re learning. Comment thoughtfully in LinkedIn conversations about the topics you’re developing expertise in. Publish your thinking. The technology sector — especially in cybersecurity, AI governance, and product — is a space where public intellectual presence creates genuine opportunity. Recruiters find people this way. Collaborators find people this way. Clients find people this way.

A Word to Anyone Who Thinks It’s Too Late

I have met people who moved into cybersecurity governance in their forties after careers in policing. I know people who moved into product management after years in teaching. I’ve seen former journalists build entire careers in technical writing and UX. I’ve watched compliance professionals become the most valued people in AI risk conversations precisely because nobody else in the room understood the regulatory landscape they’d spent a decade navigating.

The technology sector is young enough, and moving fast enough, that experience from elsewhere is almost always relevant somewhere. The question is never whether your background has value. The question is where that value lands.

In 2026, the answer to that question is: more places than ever.

The doors are open. They just don’t always look like the ones you’ve been told to walk through.

Sam is a Senior Cybersecurity Consultant and IAM specialist, Founding Partner at MustardTree Group, and writer on technology, governance, and emerging cyber risk.