The categories and language that we use to describe security tools are broken. The categorization of security tools defaults to the domain in which they function, not the application they perform, and the nomenclature suffers from a severe lack of consistency. This research introduces the Security Tools and Services Mapping (STSM). Security leaders can use the STSM to align security products and services to the functions they perform.