diff --git a/core/security.md b/core/security.md
index d9ff89a0d4b..79f2c22db5c 100644
--- a/core/security.md
+++ b/core/security.md
@@ -111,7 +111,7 @@ Available variables are:
 * `request` (only at the resource level): the current request
 
 Access control checks in the `security` attribute are always executed before the [denormalization step](serialization.md).
-It means than for `PUT` or `PATCH` requests, `object` doesn't contain the value submitted by the user, but values currently stored in [the persistence layer](data-persisters.md).
+It means that for `PUT` or `PATCH` requests, `object` doesn't contain the value submitted by the user, but values currently stored in [the persistence layer](data-persisters.md).
 
 ## Executing Access Control Rules After Denormalization