Show Me The Logo: The IT Circle Interview with Lydia's Head of IT Sébastien

Interview with Sébastien Marouani, Head of IT, IAM & Cybersecurity tools at Lydia.

In this conversation, Sébastien shares key lessons from over a decade at Lydia, covering the ongoing challenge of applying for a banking license in France on a fully macOS infrastructure, managing shadow IT in a SaaS-heavy environment, and navigating the risks and limitations of AI tools in the workplace. He reflects on how application usage has evolved from spreadsheets to structured identity governance, and gives practical advice to new IT professionals: challenge the status quo, avoid market hype, and always choose tools that truly fit your needs.

‍

Tell me about the IT project you are most proud of, or the one that challenged or disappointed you the most

The most challenging project we are facing is applying for a banking license in France while running entirely on a macOS infrastructure. This would be a first for a retail bank. Lydia is currently an electronic money institution, but we made the ambitious decision to apply for a full banking license with the Banque de France, which is known as one of the strictest regulators in Europe. We chose to go through the French process, which demands the same level of compliance as traditional banks like BNP or Société Générale.

What makes me particularly proud is that we are doing this with a 100% macOS setup. Most banks use Windows, and the regulator is used to that environment. When they ask questions about antivirus, EDR, DLP, or Active Directory, they expect standard Windows-based solutions. We have to find ways to meet those expectations while adapting them to our Apple-based systems.

This is a significant technical and organisational challenge. We originally had a mixed fleet of Chrome OS and macOS devices, but we have migrated fully to macOS. This project is something we are proud of, but it continues to challenge us and occasionally frustrate us, especially when we need to explain why some of our answers do not fit into traditional expectations.

Is visibility important to avoid high-risk security mistakes?

Today, the biggest concern for anyone managing identities is shadow IT. The main challenge is discovering tools that have not been approved or reviewed from a technical or security standpoint. The real issue is knowing what you do not know. You can protect yourself from tools you are aware of, even if they have vulnerabilities. For example, most banks run on Windows, and since they know the risks, they use solutions like CrowdStrike to mitigate them.

But when a tool is completely unknown, you do not know it exists, you do not know it might be vulnerable, and you do not know if user accounts have been created on it. So when someone leaves the company, those accounts might remain active. From a security perspective, this is one of the most critical risks. It is just as serious as the issue of Bring Your Own Device. Whether it is a tool or a device, if it is not under control, it poses a major threat.

💡 “When a tool is completely unknown, you do not know it exists, you do not know it might be vulnerable, and you do not know if user accounts have been created on it. So when someone leaves the company, those accounts might remain active. From a security perspective, this is one of the most critical risks.”

What is the impact of AI tools on an already complex SaaS environment?

I have been watching these new AI tools with a lot of curiosity, and I have also seen some of the world's biggest companies completely miss the shift. Even giants like Google and Apple fell behind and now have to spend billions to catch up. What strikes me is that, even in 2025, some models still cannot answer very basic questions properly. That tells you how unreliable AI can still be.

For me, the real challenge is learning how to use these tools properly. You need to know how to write a good prompt, understand the type of data you are sending to the model, make sure the model is appropriate, and, above all, keep a critical eye on the answers it gives you. These are skills that should be taught from middle school all the way to business school. The biggest risk is copying and pasting blindly without questioning the output.

Another risk is the rise of a new form of Shadow IT. Employees could use ChatGPT or other free AI tools with personal accounts, sometimes entering sensitive internal information like operational processes. That is where things could become problematic. At Lydia, we have a strict policy in place, along with Data Loss Protection mechanisms to monitor and contain such risks. For now, our controls are non-intrusive and focused on reporting, but we may move to stricter enforcement if needed.

💡 “In the modern workspace, in many companiese employees could use ChatGPT or other free AI tools with personal accounts, sometimes entering sensitive internal information like operational processes. That is where things could become problematic.”

Over your 11 years at Lydia, how have you seen the adoption and use of applications evolve?

I joined Lydia over 11 years ago, and I have held a wide range of roles: growth, marketing, customer support, fraud prevention… and now Head of IT. Even before I officially took on the IT function, I was always involved in technical matters like managing laptops, printers, and internet access.

Back then, things were very much in startup mode. Everyone brought their own Mac and access to tools was tracked in a simple Google Sheet. Each tool had a row, and we would just tick boxes to say who had access to what. When I formally took over IT in 2017, we realised that this system might no longer be good enough. That is when I started exploring identity and access management (IAM), even though it was not widely discussed at the time.

We realised how important it was to have a clear view of which tools we were using, who had access, when access was granted or revoked, and by whom. Today, we use hundreds of tools, and almost all of them are SaaS. Managing all of this manually was no longer sustainable. We needed traceability, automation, and real governance around our access systems.

I believe we were quite early in recognising this need, long before it became a mainstream concern in larger organizations.

💡 “We realised how important it was to have a clear view of which tools we were using, who had access, when access was granted or revoked, and by whom. Today, we use hundreds of tools, and almost all of them are SaaS. Managing all of this manually was no longer sustainable. We needed traceability, automation, and real governance around our access systems.”

How does IT contribute to Lydia’s branding and visual identity?

At Lydia, IT is a driving force behind the company’s unique brand identity and visual presence. Every digital interaction—from the moment a customer opens the app to the tools employees use internally—reflects a carefully crafted visual identity. The IT team works closely with design and marketing to ensure that logo design principles are consistently applied, making Lydia’s brand easily recognizable and memorable. By selecting premium fonts, cohesive color palettes, and high-quality imagery, IT helps create a professional and trustworthy image that resonates with customers.

This attention to detail extends to every platform and device, ensuring that Lydia’s visual identity remains strong and unified, no matter where or how users engage with the brand. The result is a seamless experience that not only looks polished but also communicates Lydia’s values and commitment to excellence. Through thoughtful design and technology integration, IT helps Lydia stand out in a crowded market, building lasting connections with its audience.

💡 “IT is often behind the scenes, but every digital touchpoint—from our app’s interface to our internal tools—reflects Lydia’s brand. Ensuring consistency and reliability in these systems is part of how we build trust with users.”

What role does IT play in customer relationship management at Lydia?

IT is at the heart of Lydia’s approach to customer relationship management, ensuring that every interaction with the brand is smooth, secure, and meaningful. By integrating platforms and tools across the company, the IT team enables Lydia to better understand its customers and tailor experiences to their needs. This seamless integration allows for efficient communication, whether it’s through a helpful video tutorial, a timely notification, or a personalized message.

With robust data analytics and secure systems, IT empowers Lydia to deliver targeted services and support, enhancing customer satisfaction and loyalty. The team’s efforts ensure that customer information is protected, and that every touchpoint—be it a blog post, social media campaign, or in-app message—reflects the brand’s values and commitment to its audience. In this way, IT not only supports the company’s operations but also plays a vital role in building and maintaining strong relationships with customers.

💡 “Our IT team works closely with customer support and product teams to ensure seamless integration between our platforms and the tools that help us understand and serve our users better. Reliable data and secure systems are key to delivering a great customer experience.”

How does your team approach help desk and technical support in a fast-growing fintech?

In a rapidly expanding fintech like Lydia, the help desk and technical support team must be both agile and forward-thinking. The team prioritizes quick, effective solutions that empower employees and customers alike, all while upholding the highest standards of security and compliance. By offering a range of easily accessible resources—such as a comprehensive knowledge base, step-by-step video guides, and interactive support tools—Lydia ensures that users can find answers and resolve issues with just a few clicks.

Scalable systems and automated workflows are at the core of the support process, enabling the team to handle increasing demand without sacrificing quality. Whether customers reach out via the website, social media, or other channels, the support experience is designed to be intuitive and responsive, reflecting Lydia’s commitment to world-class service. By leveraging the latest in design and technology, the team creates a seamless support journey that not only solves problems but also reinforces the company’s reputation for excellence and innovation.

💡 “Supporting a rapidly scaling company means our help desk must be agile, proactive, and deeply integrated with our security and compliance processes. We focus on empowering employees to solve issues quickly while maintaining high standards of security.”

What advice would you give to someone starting out in IT in 2025?

The best piece of advice I ever received came from my grandfather. He used to say, “You pay the musicians at the end of the dance.” That applies perfectly to IT. You need to take a step back and avoid falling into the “this-is-how-it’s-done” mindset, where people say things like, “You go with Cisco for networking” or “Jamf for Mac management” just because that is what everyone else does.

At Lydia, we never choose tools based on who else is using them. When a vendor comes in and starts showing me a slide full of logos from other companies they work with, I ask them to skip it. Each company is represented by one logo, which serves as a distinctive visual element and can take various forms such as a wordmark, monogram, or emblem—an emblem being a type of logo that combines text and imagery within a unified shape, often symbolizing tradition or legacy. That is not a decision criterion for us. What matters is whether the tool actually fits our needs.

It is better to take the time to properly assess your use case and choose the tool that suits it, even if it is less well known, rather than defaulting to the market leader. A Ferrari looks great, but if you have a family of six and you are driving on unpaved roads, it will not help you. What you need is a reliable Volvo station wagon. The best tool is not necessarily the flashiest one, but the one that does what you actually need.

‍

Sébastien has been with Lydia since 2013 working in different departments and since 2023 as Head of IT, IAM et Cybersecurity.

‍