This thesis examines software developers’ secure coding trainings and training needs in a case organization. The objective of the research is to discover the software developers’ educational background related to secure software development and secure coding, their attitudes towards developing own expertise and workplace training, and their secure coding training needs.

The research was conducted with qualitative research design in a case organization, and the desired strategy of inquiry was a case study. Four employees from the case organization were interviewed. They all have years of expertise in secure software development; therefore, the participants cannot be seen as representing the population in broad sense. The interviews were analyzed using qualitative methods dividing subjects into themes.

The interviewees have received very limited coding training in their previous studies and so is their professional expertise gained mainly through in practice alongside. The skills development has mainly relied on every individual’s personal interest, as the organization has not consistently provided workplace trainings. Software developers have a positive attitude towards developing their own professional expertise, and all the participants have a high intrinsic motivation that guides them in learning new. Even though workplace trainings are generally viewed negatively, self-development is perceived important.

The participants in the study operate in the financial sector, which can be seen as critical infrastructure. Their systems contain confidential information. As a result, security skills are a significant part of the job description of software developers. The longer-term goal of the study is that its results can be used to develop secure coding training program for software developers.