I would say we don't use hackers or cybercriminals, but interestingly, there are good lessons to be learned in terms of their activities and how they conduct their criminal activities or what have you.
By learning that, you can then make your systems harder or figure out how someone got into a system and then adopt the appropriate prevention approaches. There's actually an industry out there involving penetration testing, a service that companies offer. They'll try to get into a network, and in those cases, those penetration testers usually have to fall under a pretty tight regime.
We have to be a little careful, but we can learn lessons from how hackers operate. We learn them and try to incorporate them into how we protect and follow up.