Former Vice President and Chief Information Security Officer at James Hardie, Jay Gonzales discusses his career in cybersecurity and the role of continuous learning plays in industry success.

When Jay Gonzales joined the military he never thought the role in finance would lead him down a career path to cybersecurity. His first four years in the Marine Corps was spent working in an office next to the IT team and that, Gonzales says was how he got his first exposure to Information Technology.

“I switched jobs at that time and it just kind of took off because the Department of Defense had started their cybersecurity specialty and I was one of the first Marines to do that job.”

Gonzales spent 13 years as an active duty Marine specializing in Information Assurance and Computer Network Defense (IA/CND) before moving on to a Network Security Engineer at SAIC, then Information Systems Security Manager for the United States Department of the Navy.

He also served as Digital Forensic Investigator for the Naval Criminal Investigative Service (NCIS) before taking on roles as Risk Manager of Global Cyber Security at Hewlett Packard and Chief Security Officer at Samsung Electronics. In addition to his most recent roles, Gonzales also provides consultation to Israeli cybersecurity companies in his role as a Venture Advisor with YL Ventures. He also currently serves as a CISO Governing Body Member with Evanta and is a member of InfraGard National Members Alliance.

In 2021, Gonzales joined James Hardie — a global manufacturer of fiber cement products — as the Vice President and Chief Information Security Officer. While in that role, Gonzales developed and led an award-winning cybersecurity program with the James Hardie cybersecurity program earning a spot on the CSO Award Winners for Innovation in Cybersecurity in 2024.

With security, everything is dynamic, nothing is static. It's always changing. You must keep learning.

Under his leadership, the James Hardie cybersecurity team matured rapidly with his work extending into enterprise risk management and crisis management, as well as helping to develop a business continuity and disaster recovery program.

One of the biggest projects Gonzales’ spearheaded while at James Hardie was an IT / OT segmentation.

“It took a lot of careful planning and implementation to ensure we were not being disruptive to the manufacturing line and process, but over the course of about two and a half years, we did a full IT / OT segmentation to ensure that in the event there was an incident, it's all going to stay on one side of the fence. It's not going to go over to the other side and impact operations and the reverse,” Gonzales says.

“The CISO role was more about building the foundation for cybersecurity to continue to provide the base to transform the business in the direction they are headed.”

Be the problem solver

When asked about advice to those looking to get into the cybersecurity industry, Gonzales says curiosity is key to long-term success.

“Learn as much as you can about the space,” he says. “With security, everything is dynamic, nothing is static. It's always changing. You must keep learning. You have to challenge yourself. You have to be the person who wants to be the problem solver.”

Finding support from other professionals within the industry can be key to a successful career and Gonzales says he’s always looking for ways to help others in and around the industry rise to their potential.

“To be effective in a mentor role, there has to be a genuine interest in helping other people thrive and see people grow,” he says. “You choose someone to mentor when you see something in someone and you know if they just had more guidance, just a little bit more structure, they can be and do so much more. I see more within them than they're demonstrating to others, and I really try to pull that person out, bring them up a level, because I truly want people to believe in themselves and be successful.”