updated the README for onboarding

Author: 6mile

README.md

@@ -26,19 +26,24 @@ NOTE - to understand possible values for the action input `flags`, run the Secur
 
 `$ bloodhound-cli recon --help`
 
-## Create your SecureStack API Key and save as GitHub Secret
+## Create your SecureStack API Key as GitHub Secret
 
-1. Log in to [SecureStack](https://app.securestack.com) and go to the Profile -> GENERATE KEY screen.
-2. Generate an API key and copy the value.
-3. Go to Settings for your GitHub repository and click on Secrets at the bottom left.
-4. Create a new secret named SECURESTACK_API_KEY_SECRET and paste the value from step 2 into the field.
+1. Create a [SecureStack](https://app.securestack.com) account using your GitHub credentials.  You get 20 scans for free and you don't need to add a credit card.
+2. Once you are logged in go to "Profile" in the black drawer on the left, and then -> GENERATE KEY tab.
+3. Generate an API key and copy the value.
+4. Go to Settings for your GitHub repository and click on Secrets -> Actions at the bottom left.
+5. Create a new secret named SECURESTACK_API_KEY and paste the value from step 2 into the field.
 
 ## Retreiving your SecureStack Application ID
 
 1. Log in to [SecureStack](https://app.securestack.com).
-2. Open the application you wish to analyse.
+2. Open the application you wish to analyse.  If you haven't created a managed application you can follow the directions in this [VIDEO](https://youtu.be/mapgawLMVKg) to create one.  
 3. Copy the value of the application id on the View Application screen.
-4. Paste into the value of the `securestack_app_id` action input for the step using the SecureStack action in your workflow.
+4. Go to Settings for your GitHub repository and click on Secrets -> Actions at the bottom left.
+5. Create a new secret named SECURESTACK_APP_ID and paste the value from step 3 into the field.
+
+## Watch this video to learn how to setup your first GitHub Action with SecureStack
+[![IMAGE ALT TEXT](http://img.youtube.com/vi/0sYXsCmY2es/0.jpg)](http://www.youtube.com/watch?v=0sYXsCmY2es "Video Title")
 
 ## What vulnerabilities do we find?
 1. Scans web application for out of date and vulnerable applicaiton components
@@ -48,4 +53,12 @@ NOTE - to understand possible values for the action input `flags`, run the Secur
 5. Identifies if app is using CSP or security headers and whether they're working
 6. Finds WAF bypass attacks for Akamai, Cloudflare & Imperva
 
+## Check out our other GitHub Actions:
+1. [SecureStack Secrets Analysis](https://github.com/marketplace/actions/securestack-secrets-analysis) - Scan your application for embedded api keys, credentials and senstive data.
+2. [SecureStack Software Composition Analysis (SCA)](https://github.com/marketplace/actions/securestack-application-composition-analysis) - Scan your running application url for cloud misconfigurations and web vulnerabilities.
+3. [SecureStack Log4j Analysis](https://github.com/marketplace/actions/securestack-log4j-vulnerability-analysis) - Scan your application for Log4j/Log4Shell vulnerabilities.
+
+## Learn more about SecureStack with our YouTube Channel:
+https://www.youtube.com/watch?v=YrPITQNy9UM&list=PL_8Xjyi5rInxzhpQkDRipipmaj0lT6pJ8 
+
 Made with 💜  by [SecureStack](https://securestack.com)