diff --git a/specification/security.md b/specification/security.md
index b60360a..a7cbec2 100644
--- a/specification/security.md
+++ b/specification/security.md
@@ -55,12 +55,12 @@ info:
     and requesting the state of the board or of individual squares.
   version: 1.0.0
 security:
-  defaultApiKey: []
+  - defaultApiKey: []
 paths:
   /board:
     get:
       security:
-        defaultApiKey: []
+        - defaultApiKey: []
 ```
 
 This method of referencing Security Scheme objects is valid for all types. The array shown as the value of `defaultApiKey` above is populated for OAuth Flow and OpenID Connect objects, which have some additional features that are discussed below. An empty array is provided in all other cases.
@@ -139,14 +139,14 @@ info:
     and requesting the state of the board or of individual squares.
   version: 1.0.0
 security:
-  oauth2Profiles:
+  - oauth2Profiles:
     - board:read
     - board:write
 paths:
   /board:
     get:
       security:
-        oauth2Profiles: []
+        - oauth2Profiles: []
 ```
 
 Note that if you want to segregate grant types - where, for example, Client Credentials is only supported for a specific Operation - you'll need to create a separate Security Scheme object that can be applied individually. This is also true if you want to differentiate the available scopes, for example:
@@ -185,15 +185,15 @@ paths:
   /board:
     get:
       security:
-        app2AppOauth:
-        - board:read
+        - app2AppOauth:
+          - board:read
       ...
   /board/{row}/{column}:
     put:
       security:
-        user2AppOauth:
-        - board:read
-        - board:write
+        - user2AppOauth:
+          - board:read
+          - board:write
       ...
 ```
 
@@ -226,7 +226,7 @@ info:
     and requesting the state of the board or of individual squares.
   version: 1.0.0
 security:
-  openIdConnect:
+  - openIdConnect:
     - board:read
     - board:write
 ```