CompTIA retired the SY0-601 exam in July 2024, and Professor Messer Security+ content for the replacement—SY0-701—was live within weeks of the new exam launching in November 2023. That responsiveness is a useful data point: Jason Messer treats exam alignment as a first principle, not an afterthought. It's why his free course has become the default starting point for Security+ candidates, and why it's worth understanding exactly what you're getting before you build your entire study plan around it.
What Is Professor Messer Security+?
Professor Messer Security+ is a free video training series created by Jason Messer, a CompTIA-certified instructor who has been producing certification prep content since 2008. The current course targets SY0-701—the only active Security+ exam version—and covers all five domains in the official exam outline.
The videos live on professormesser.com and YouTube. Every lesson is free. No account required, no trial period, no drip-fed content. Messer covers each exam sub-objective in a dedicated video, typically 10–25 minutes, which makes it straightforward to target weak areas without rewatching unrelated material.
What you won't find in the free tier: practice exams, downloadable study notes, or access to his companion study groups. Those require payment. Practice exam packages run $30–$40; the full bundle with notes and group access is under $100. The core video content, however, is genuinely free with no catch.
What Professor Messer Security+ Covers on SY0-701
SY0-701 reorganized the domain structure compared to SY0-601. The five domains and their exam weights are:
Domain 1: General Security Concepts (12%)
Security control categories (technical, managerial, operational, physical), cryptography fundamentals, authentication mechanisms, and PKI. Messer is particularly strong here because these are concept-heavy topics that benefit from clear verbal explanation. His treatment of asymmetric vs. symmetric cryptography and certificate chains is among the clearest you'll find anywhere, free or paid.
Domain 2: Threats, Vulnerabilities, and Mitigations (22%)
The largest domain by exam weight. Covers malware types, social engineering vectors, application-layer attacks (SQL injection, XSS, buffer overflow), network attacks, and vulnerability scanning methodology. Messer walks through each attack type methodically. This is where most candidates spend the most time, and his videos hold up well under repeated review.
Domain 3: Security Architecture (18%)
Cloud security models, virtualization, network segmentation strategies, zero trust architecture, and secure infrastructure design patterns. Messer covers the conceptual layer accurately, but candidates with limited networking background may find this domain requires supplementary material. Some explanations assume you already know how VLANs or SD-WAN work in practice.
Domain 4: Security Operations (28%)
The heaviest domain by exam weight. Identity and access management, endpoint security controls, monitoring and logging, incident response procedures, and digital forensics basics. Messer's treatment is thorough, and he does a good job explaining the process-oriented questions that appear frequently in this domain—when to escalate, how to preserve evidence, what order to follow during containment.
Domain 5: Security Program Management and Oversight (20%)
Risk management frameworks, compliance requirements (NIST CSF, ISO 27001, SOC 2), data governance, and privacy regulations including GDPR and CCPA. This domain is consistently underestimated by candidates who focus on technical content. Messer covers it competently, though the material is drier than the attack-focused domains. Budget extra review time here if compliance topics are new to you.
Professor Messer Security+ vs. the Alternatives
The realistic comparison for most self-studiers is between Messer and the other no-cost or lower-cost resources:
- Professor Messer (free videos): Most complete free option, updated for SY0-701, organized strictly by exam objective. No labs, no practice questions in the free tier, no interactive elements.
- CompTIA CertMaster Learn: Interactive, lab-heavy, and aligned to the official blueprint. Costs $459 for a 12-month license. Legitimate but expensive for what you get.
- Mike Chapple and David Seidl's Study Guide (Sybex): The most widely used Security+ textbook. Strong on conceptual depth, weaker on visual explanations. Pairs well with Messer's videos as a second pass through the material.
- YouTube (NetworkChuck, John Hammond): Good for specific topics or motivation, but not organized by exam objective. Poor substitute for systematic prep—useful as a supplement, not a foundation.
- Jason Dion's Udemy course: More hands-on and scenario-based than Messer. Frequently discounted to under $20. Worth considering if you want a different teaching style or more practice questions bundled with video content.
For most self-studiers, the practical combination is Messer's free videos plus a paid practice exam resource. The practice exams can be Messer's own, Dion's on Udemy, or MeasureUp. Using all three is overkill; using none is how you fail a passable exam.
Is Professor Messer Security+ Enough to Pass?
The honest answer: necessary but not sufficient for most candidates. Here's a realistic breakdown by background:
- 1–2 years of IT support or networking experience: Messer's videos plus a solid practice exam set (aim for 200+ questions across multiple attempts) is probably enough. Budget 80–120 hours total study time.
- No prior IT background: Add a textbook alongside the videos, and expect a longer prep period. The exam assumes basic familiarity with how networks, operating systems, and common protocols function. Messer's videos don't cover that baseline—they assume it.
- Working in IT security already: Messer's videos work well as a review to identify gaps. Many practitioners pass with 40–60 hours of focused prep using videos and practice exams.
The specific gap in video-only prep is performance-based questions (PBQs). These appear at the start of the SY0-701 exam and simulate real tasks—configuring access controls, analyzing firewall logs, identifying vulnerabilities in a network diagram. They require application under time pressure, not just concept recall. Messer's videos explain the underlying concepts accurately, but they don't expose you to this question format. That's the job of practice exams, and it's where the $30–$40 for a quality practice exam set pays for itself.
One practical note on timing: the SY0-701 exam is 90 questions in 90 minutes. PBQs take longer than multiple-choice. Candidates who haven't done timed practice runs consistently run short on time and rush through the end of the exam. This is avoidable with deliberate practice but not something you'll notice until you simulate exam conditions.
Top Courses
For professionals building broader skills alongside their Security+ prep, these courses address adjacent areas that complement technical certification work:
Innovation That Works with Professor Jagdish Sheth
A Coursera course on strategic innovation frameworks taught by a well-regarded business professor—relevant for security professionals moving into leadership or advisory roles where business justification matters as much as technical knowledge.
Customer Centricity with Professor Jagdish Sheth
Covers customer-focused business strategy, useful for security practitioners who need to communicate risk and security investment to non-technical stakeholders or clients.
How to Write Emails and Engage Professors
A short practical course on professional communication—worth the time for career changers building academic or industry networks during a tech transition.
Photoshop Professor Notes - Volumes 1–5
A structured reference series for Photoshop, useful for IT professionals who handle visual documentation, security awareness materials, or internal design work alongside their technical responsibilities.
FAQ
Is Professor Messer's Security+ course actually free?
Yes. Every video in the SY0-701 series is free on YouTube and professormesser.com—no account, no trial, no paywall. Practice exams, downloadable study notes, and the companion study group access cost money ($30–$100 depending on what you buy). The videos themselves have been free since Messer started producing them.
Does Professor Messer cover SY0-701 or the older SY0-601?
Both courses exist on his site, but SY0-601 was retired by CompTIA in July 2024. If you're taking Security+ now, use the SY0-701 series exclusively. The domain structure and weightings changed enough between versions that studying from 601 material is a liability, not a shortcut.
How long does it take to complete Professor Messer's Security+ videos?
The full SY0-701 playlist runs approximately 14–16 hours of video content. At a moderate pace with note-taking, most candidates get through it in 2–4 weeks. Add another 20–40 hours for practice exams, review of weak areas, and timed mock exams before your test date. Total study time varies significantly by background—80 hours is a reasonable median estimate for someone without prior security experience.
Are Professor Messer's paid practice exams worth buying?
They're a solid choice—written to align with his teaching style and consistently updated for the current exam version. Jason Dion's practice exams on Udemy are the main alternative, often discounted to under $15 during Udemy's frequent sales. Both are useful. Buying both gives you more question variety, which helps, but isn't necessary for most candidates. What matters more than which one you buy is how you use them: review every wrong answer, understand why the correct answer is correct, and retake until you're consistently hitting 80%+ before scheduling the real exam.
What score do you need to pass Security+?
750 on a scale of 100–900. CompTIA uses scaled scoring, so the raw number of questions you get right doesn't translate directly to a point score. Performance-based questions are weighted differently than standard multiple-choice. The exam doesn't tell you your PBQ score separately, so you won't know exactly where you lost points if you don't pass.
Is Security+ worth it for the DoD 8570 requirement?
Yes, for the specific positions that require it. Security+ satisfies the IAT Level II and IAM Level I requirements under DoDD 8570.01-M (now transitioning to DoDD 8140). If you're pursuing government IT work, contractor positions, or federal agency roles, Security+ is frequently the minimum baseline. For private sector roles outside government contracting, its value depends more on the specific employer—it's widely recognized but not universally required the way it is in defense contexts.
Bottom Line
Professor Messer's Security+ course is the best free resource available for SY0-701 preparation—not because there's no competition, but because it's accurate, consistently updated, and organized around the actual exam blueprint rather than around what makes for engaging video content. If you're starting Security+ prep with zero budget, start here.
Treat the videos as the foundation, not the complete strategy. Pair them with at least one quality practice exam set before you schedule your test. If you're new to IT generally, add a textbook. The total cost of a complete self-study approach—Messer's free videos plus a practice exam package—runs $30–$100. That compares to $2,000+ for instructor-led bootcamps that cover the same material at a fraction of the depth you'll get from deliberate self-study.
Security+ is a genuinely useful credential at the entry and mid-level of the security field, and it's a passable exam with disciplined preparation. Messer's course makes the self-study path as clear as it's going to get. What happens after you watch the videos is up to you.