diff --git a/README.md b/README.md index 22a0eeca..6b68f1d6 100644 --- a/README.md +++ b/README.md @@ -9,11 +9,22 @@ redirect_from: ![](https://user-images.githubusercontent.com/2124094/164599444-448f92f1-7a73-4a86-a377-bc650f10e756.png) -## Usage +## Example Usage ```bash $ helm repo add someengineering https://helm.some.engineering +$ helm upgrade --install --namespace fix --create-namespace fixinventory someengineering/fixinventory +# Wait for deployment to finish and pods to settle +# Run Fix Shell to configure the system +$ kubectl -n fix exec -it service/fixinventory-fixcore -- fixsh +# Access the web interface to read the documentation and API docs or run Jupyter notebooks +$ kubectl -n fix port-forward services/fixinventory-fixcore 8900:8900 ``` +Open https://127.0.0.1:8900 in your browser. Ignore the self-signed cert or alternatively fetch https://127.0.0.1:8900/ca/cert and compare its fingerprint with the one returned in the `SHA256-Fingerprint` header. +Then validate the connection using the `Authorization` header which contains a JWT signed by Fix Core using the pre-shared-key (PSK). The JWT payload contains a field sha256_fingerprint +which should match the fingerprint of the certificate (and the http header). The PSK can be found in the `fixinventory-psk` secret (e.g. `kubectl -n fix get secrets/fixinventory-psk -o json | jq -r .data.psk | base64 -d; echo`). + +Read more on how security between Fix components is bootstrapped at https://inventory.fix.security/reference/security ## Charts
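Review bot: In the added paragraph after the code block, "Ignore the self-signed cert" is offered as the first option, and the alternative (comparing the fingerprint of `/ca/cert` with the `SHA256-Fingerprint` header) reads as a check in its own right. Both values arrive over the same not-yet-authenticated connection, so a match between them establishes nothing until the JWT in the `Authorization` header has been verified with the PSK. Suggest reordering the text so that JWT verification is the step that establishes trust and the fingerprint comparison follows from it, and dropping or qualifying the "Ignore" wording. The paragraph also says the JWT is "signed by Fix Core using the pre-shared-key (PSK)" without telling the reader how to verify it; a sentence on that, or a pointer to the relevant part of the linked security reference, would close the gap. Minor: `sha256_fingerprint` is missing backticks, unlike `SHA256-Fingerprint` and `Authorization`, and the example `kubectl -n fix get secrets/fixinventory-psk ... | base64 -d; echo` prints the PSK to the terminal, which deserves a short caution beside it.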