One of my biggest takeaways from this event was the fact that the needs of CIOs, IT staffs and consultants (which is where I spend most of my time) are, on the surface, vastly different from the needs of law enforcement. "Victim" IT organizations are primarily concerned with getting rid of a malware infection, regardless of what it is...worm, Trojan, etc. In my experience, eradication and returning the infrastructure to normal operations are the primary concern, with compliance and questions about data loss/exfiltration usually popping up after the fact (i.e., too late).
However, LE is interested in intelligence, some sort of actionable data that can be used to investigate cyber crimes, track down the players and prosecute someone, preferably someone fairly high up the food chain.
At first glance, there may not be an obvious overlap. However, both sides have information available that is useful, even valuable, to the other. LE might have data available about cyber crimes that occur across a wide range of victims...such as, was the incident initiated by a browser drive-by, was it targeted, etc? LE (depending upon the level that we're talking) may have trending information available regarding victim types, intruder/criminal activity, etc. Victim IT organizations will have information available about malware variants, outbound connections (to command-and-control servers, etc.), sensitive information collected, etc.
Where things tend to break down is that in some cases, LE either doesn't track the kind of information that might be useful to victims, or they feel that they can't share it because doing so might expose information. Victim IT organizations many times feel the same way...that they can't share what information they have without exposing information about their infrastructure, intellectual property, or "secret sauce". Sometimes, the victim organizations do not want to contact LE for fear that their name would be included in public documents, exposing the fact that and the means by which they were compromised...something those organizations do NOT want made public.
Another takeaway I got from the conference is that there is a definite organization and structure behind cyber criminal activities. There's a hierarchy to the structure, an economic driver (i.e., money), and individuals in the communities are kicked out if they fail to provide something back to the community. These seem to be driven like businesses without an HR department...maybe there are certain elements to this structure that the good guys could emulate.
Taking this anywhere is going to take some thought and some work.