Being bad at defense doesn't necessarily imply being bad at offense. Security is hard because you have to win 100% of the time. Being good at cyberespionage means getting a win now and then. I'm not saying the US is good at it, just that neither the OMB breach nor the Snowden incident bear on that. And a lot of the info released by Snowden indicate they were pretty good at it (at least targeting their own citizens) or those disclosures wouldn't be such a big deal.
I've never been caught. Does that make me good at cyberespionage? I think there's more to it than that. You might argue necessary but not sufficient, but I'd even disagree with that. The fact that the NSA was outed by Snowden has not made everything they're doing ineffective or we wouldn't be so worried about it.
