Buckets permissions, Password protect Redis, Cleanup obsolete IAM accounts, Create GCP IAM roles for DEVs/SREs/NROs, etc

SE will lead these exercises.

Possibly waiting until ISO/Security Engineer is here.

• Start with the attack tree exercise
• Work out low hanging fruit
• Go through recommendations etc.