Starting a Consultant Firm - Questions

Let me give you a bit of background first:
I currently work for a small company that does web-development. I am
one of their programmers, but absolutely love network security and all
things involved, particularly penetration testing and network
reconnaissance/monitoring. I will be getting certified within the next
few months to provide more credibility to my skillset.

I have pitched the idea of opening a new network security division for
our company and spearheading everything involved, including contacting
potential customers, finding customers, completing the pen-testing,
monitoring activity, etc. But I have a few questions...

1) How do current security professionals find potential clients?

2) What are the most common, and even uncommon services provided?

3) Once exploits are discovered on a particular client's network, does
the consultant help secure the network? Or does the consultant write a
report of everything (s)he has found and deliver that to the client?

4) From current professionals, what approaches do you take when finding
potential clients, and how do you pitch your services to the potential
client?

5) How much is the going rate for services today? I am currently in the
Dallas-Fort Worth area, if that gives a better idea of what to
charge...

6) How much would it roughly cost to start this? I'm expecting it not
to be very expensive, since most tools I will be using are open-source
or free and linux/unix based. But if there are some hidden costs that I
may not know about, answers to this question would be extremely
valuable.

7) Any other information you have regarding network security consulting
services will be extremely appreciated.

Thanks in advance to anyone who replies. Any input is extremely
valuable to me.
--SilentSeraph