The rundown on becoming runZero: What I learned rebranding a company - Part 3

|
Updated

This is part three of our rebrand journey. Be sure to check out part one, part two, and part four.

Executive decision made - and revoked #

At this point, we were running out of time. Over the weekend, I talked with my co-founder about who really needs to sign off on the decision. We decided we had enough data points and specific scores for domain candidates from the team, were running out of time, and needed to make a decision. Sticking with the theme of light, we bought neonray.com and all similar domains with common TLDs. The price of the primary domain had gone up from about $4,000 that morning to about $6,000 by the time we bought it because my co-founder and I both visited the domain a couple of times. We informed the team and wanted to move into execution mode as soon as Monday.

Monday morning, I saw a “Quick Sync” meeting on my calendar at 8:30am. Our VP of Sales, Jay, had slept on our decision and thought that the name was too gimmicky and childish. He couldn’t see himself representing a company called NeonRay to a big government agency or Fortune 500 company. Jess, who runs branding, shared Jay’s opinion. If I needed two people to support the new brand apart from my co-founder, it was these two. Lesson learned about executive decisions and time for another naming round.

Learning #5: Determine the critical decision-makers early and ensure alignment on all possibilities. Check back in before the final decision to ensure they support it.

Reviving other avenues #

At this point, I received good news from ACME Corporation: they had gotten approval from the marketing department to sell LightOptionB, plus a dozen of adjacent domains with different TLDs. All they needed to proceed was a number to put this in front of the pipeline committee, which approved M&A activities.

That meant I had to come up with a price that was acceptable to us, would incentivize them to move, and base the prices on hard data.

How to price a domain #

Determining the right price for a domain can be seen through the eyes of the seller and the buyer. It’s hard to put a number to it, but ultimately you have to do it and defend it if you want to make a deal happen. The closest analogy I found was the housing market: look at features of the house, location, and comps.

Here are some things that increase the value of a domain:

  • Dot com domains
  • Short names
  • Common English words
  • Things that you can buy (e.g. hotels.com vs. inception.com)

These attributes lower the value of a domain:

  • Misspellings (think Fiverr.com)
  • Word combinations
  • Negative connotations
  • Alternative spellings (grey vs. gray)
  • Newer TLDs, e.g. dot run

To price out LightOptionB.com (an alias to protect the identity of the owner of the website), I used the website namebio.com, which lists past public sales of domains on public sites like BuyDomains, GoDaddy, and DropCatch. The domain was a combination of a common and a less common English word. I entered each separate word into namebio.com, filtered by .com only and looked at two-word combinations for these words.

Because I wanted to incentivize the seller to move, I picked the top end of the range for each, doubled it, and made that my offer. I did this for all of the dozen similar domains that ACME Corporation was willing to sell, giving them a package price for the domain. The offer was at a reasonable level where it was still their time but still low in comparison to their multi-million dollar company acquisitions. I provided all comp data to support my offer, which they accepted without questions as our first offer.

The unfortunate events resurface #

The clock was ticking, and we were far enough down the road with ACME Corporation that we felt comfortable starting to plan execution of the naming change. We broadened the inner circle to the entire marketing team and conducted a three-day offsite where we talked through visual branding, brand language, and logistics of executing on the change. Everyone was excited about this new name, and we made huge progress.

At the end of the final planning day, I received an email from ACME Corporation with an update. The security team had blocked the deal. They weren’t comfortable with another company controlling the domain because it would enable the new owner to reset any passwords with third-party services ever set up with a LightOptionB.com email address, as well as other more advanced attack scenarios. The deal was dead.

Brute forcing the problem #

At this point, my co-founder HD Moore took a different approach. Availability of the dot com domains was the gating factor, so we should test for this as early as possible in the process and at scale.

He downloaded the DNS zone transfer files for dot com, dot biz and dot net. Next, he wrote a script that combined all starting words we had come up with in the initial brainstorming round, plus variations and associations, a list of common English words with positive connotations, plus a list of possible suffixes (think go- and -ly), and generated potential domains that we may want to register. The script tested all names offline against the list of known registered domains and created output files of all unregistered dot com domains that were available for $12 a piece.

Going through the list of tens of thousands of auto-generated domains was a chore. We listed the viable choices and scored them against the SMILE and SCRATCH tests. The team members then scored each top contestant individually as we had done in previous rounds (more often than not we were not on the same page).

When we found an auto-generated name that was almost right but not quite, we checked if a slightly better name was available as a buy now domain and added it to the sheet, scoring it in the same way.

The automated search also surfaced some interesting facts. There were significantly fewer domains available containing words associated with the theme “light”, only surpassed by the theme “network”.

Follow the story #

Part four was published on Friday, September 16, so be sure to follow the story. Also, don’t forget to subscribe for regular blog notifications.

Written by Chris Kirsch

Chris started his career at an InfoSec startup in Germany and has since worked for PGP, nCipher, Rapid7, and Veracode. He has a passion for OSINT and Social Engineering. In 2017, he earned the Black Badge for winning the Social Engineering Capture the Flag competition at DEF CON, the world’s largest hacker conference.

More about Chris Kirsch
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Taming the Typhoons: How runZero Keeps You Ahead of State-Sponsored Cyber Threats
China's Typhoon cyber attacks are evolving, but runZero helps you stay one step ahead with unmatched visibility and proactive defense.
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved