Read his column (note, SearchSecure doesn't maintain old archives; this takes you to iranscience.net). My letter to him:
I'm having a hard time matching your observations with the real world. For example, it seems to me, AV is the one thing we can do fairly well. You say "we still haven't got a clue how to stop viruses..." Really? No clue? I think you are overboard on the exaggeration scale.
I don't think our profession is "struggling to gain respect, credibility and funding." There are solutions -- old solutions -- for current problems. Our jobs might be frustrating because enterprises focus on what I've called the Primordial Security Policy (in NetSec Letter #17), namely "Allow anyone 'in here' to get out, for anything, but keep people 'out there' from getting 'in.'" They forget that securing the business is shorthand for maximizing the business while minimizing the risks. And this is always a compromise. They want it all, or -- since you were in a cliché mood -- they want to have their cake and eat it, too.
Is that a problem? A huge one. Is it fixable? I don't know. Is it because we lack technology or process? Not at all. Funding will always be an issue, because it is a business decision requiring comparing cost vs. benefit. But the security practitioner remembers that it is not about *security*. It is about securing *business*. That, too, requires compromise.