diff --git a/labs/2_IntroKubernetes/hello-world-apply.yaml b/labs/2_IntroKubernetes/hello-world-apply.yaml
index 83b0f9b..9cf68f1 100644
--- a/labs/2_IntroKubernetes/hello-world-apply.yaml
+++ b/labs/2_IntroKubernetes/hello-world-apply.yaml
@@ -33,10 +33,17 @@ spec:
             memory: 30Mi
           requests:
             cpu: 1m
-            memory: 10Mi   
+            memory: 10Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          capabilities:
+            drop: ["ALL"]
+          seccompProfile:
+            type: "RuntimeDefault"
+          runAsUser: 999
       imagePullSecrets:
       - name: icr
       dnsPolicy: ClusterFirst
       restartPolicy: Always
-      securityContext: {}
       terminationGracePeriodSeconds: 30
diff --git a/labs/2_IntroKubernetes/hello-world-create.yaml b/labs/2_IntroKubernetes/hello-world-create.yaml
index ccb8047..2f37dfd 100644
--- a/labs/2_IntroKubernetes/hello-world-create.yaml
+++ b/labs/2_IntroKubernetes/hello-world-create.yaml
@@ -8,5 +8,13 @@ spec:
     image: us.icr.io/<my_namespace>/hello-world:1
     ports:
     - containerPort: 8080
+    securityContext:
+      allowPrivilegeEscalation: false
+      runAsNonRoot: true
+      capabilities:
+        drop: ["ALL"]
+      seccompProfile:
+        type: "RuntimeDefault"
+      runAsUser: 999
   imagePullSecrets:
   - name: icr