Blaming the existing systems instead of blaming the hackers, it's like being an astronomer in the middle age. Deciders and business owners will scream and tell their systems are fine, and that the ones who think differently and prove otherwise are at fault.
Suppose you went out and came home to find your window smashed and your most valuable possessions gone. Would you be happy to have received an unscheduled visit from a private security consultant who decided to pay himself a handsome fee in the form of your stuff? No, you'd call the police to report a burglary.
Just because these guys were using computers and you also use computers does not mean they're basically the same as you and would be your good friends if only those mean old suits would get out of the way and let you run everything.
I was answering to the question "why were those guys using their skills for criminal activity instead of working on protecting against those crimes ?".
The thing is, I doubt company deciders really care about real computer security at all, and even if they do, the security market is very slim. OSes are not really designed with security first in mind, while they should be the first ones to do research on it, and apply it steadily.
I can find many reasons why the computer security market is still weak: there are not that many crimes because we don't use computers for many important things (even if it's on the rise), intelligence agencies prefer to let those vulnerabilities in place so they can have the upper hand to investigate or spy other countries (not talking about PRISM), and programmers are still a rare supply, and I don't really see any open discussion in university about computer security theory, it's mostly black hats/white hats folks, it's not really productive.
If those guys committed those crimes, either they are not good enough, but that also means nasdaq systems were weak, or that they were actually good enough, but the computer security job market did not propose them enough money, which is why they risked 20 year prison sentences, because it paid more.
You could compare it with the drug market. Right now those substances are illegal, which allows criminals to make huge amounts of money, but the DEA people will also make money, and are often found to work with criminals. That's an example why most of the time, crime pays, while it would be wiser to make those substance legal, and try to help drug users instead. For computer security, it could be a good idea to stimulate the security market by asking universities to create degrees, and maybe make some government programs to work on computer security, instead of letting it rot like that.