diff --git a/doc/security-guide/ch034_tenant-secure-networking-best-practices.xml b/doc/security-guide/ch034_tenant-secure-networking-best-practices.xml index ef20f88af0..ad688ecfe3 100644 --- a/doc/security-guide/ch034_tenant-secure-networking-best-practices.xml +++ b/doc/security-guide/ch034_tenant-secure-networking-best-practices.xml @@ -4,7 +4,7 @@ This section discusses OpenStack Networking configuration best practices as they apply to tenant network security within your OpenStack deployment.
Tenant Network Services Workflow - OpenStack Networking provides users real self services of network resources and configurations. It is important that Cloud Architects and Operators evaluate the their design use cases in providing users the ability to create, update, and destroy available network resources. + OpenStack Networking provides users real self services of network resources and configurations. It is important that Cloud Architects and Operators evaluate their design use cases in providing users the ability to create, update, and destroy available network resources.
Networking Resource Policy Engine @@ -23,7 +23,7 @@ and authorization section in the OpenStack Cloud Administrator Guide.
It is important to review the default networking resource policy and modify the policy appropriately for your security posture.
- If your deployment of OpenStack provides multiple external access points into different security domains it is important that you limit the tenant's ability to attach multiple vNICs to multiple external access points -- this would bridge these security domains and could lead to unforseen security compromise. It is possible mitigate this risk by utilizing the host aggregates functionality provided by OpenStack Compute or through splitting the tenant VMs into multiple tenant projects with different virtual network configurations. + If your deployment of OpenStack provides multiple external access points into different security domains it is important that you limit the tenant's ability to attach multiple vNICs to multiple external access points -- this would bridge these security domains and could lead to unforeseen security compromise. It is possible mitigate this risk by utilizing the host aggregates functionality provided by OpenStack Compute or through splitting the tenant VMs into multiple tenant projects with different virtual network configurations.
Security Groups
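Review bot: In the first hunk (-4,7 +4,7, the "Tenant Network Services Workflow" paragraph), the added line removes the duplicated "the" but still reads "provides users real self services of network resources and configurations", which is not grammatical. Since this sentence is already being corrected, consider "provides users with real self-service over network resources and configurations" in the same change, so the paragraph does not need a second typo patch.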
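Review bot: In the second hunk (-23,7 +23,7, the paragraph on multiple external access points), the added line corrects "unforseen" but carries over "It is possible mitigate this risk", which is missing "to". Please change it to "It is possible to mitigate this risk" in this patch. This sentence is the one that tells operators how to avoid bridging security domains through multiple vNICs, so it is worth getting fully right while the line is open.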