How to Approach Customers with Security Issues?

stuntshell asks: "We're a group of IT Professionals and we're starting our own consulting firm. We're most systems administrators, and not business admin, nor lawyers, and we're all have worked on big companies and most of the time the job to be performed was just passed on to us. The scope of the work we're about to perform will be security related, so how do you approach a customer in this kind of business? Do you wait for them to come and ask you to test their firewall? Or do you go scanning and discovering holes on other's network for you to offer them your solution? Do write a letter/email or do you propose a meeting? What works?"