diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5cac30e..c0c28b1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Address PSS concerns.
+
 ## [0.2.0] - 2023-11-10
 
 ### Changed
diff --git a/helm/prow-log-aggregator/templates/deployment.yaml b/helm/prow-log-aggregator/templates/deployment.yaml
index 6a688b3..d85baef 100644
--- a/helm/prow-log-aggregator/templates/deployment.yaml
+++ b/helm/prow-log-aggregator/templates/deployment.yaml
@@ -25,5 +25,9 @@ spec:
             - daemon
             - --kubeconfig.namespace={{ .Values.kubeconfig.namespace }}
             - --server.listen.address=http://0.0.0.0:8000
+          securityContext:
+            allowPrivilegeEscalation: false
       securityContext:
         runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault