What do you think a good security consultant would deliver, exactly?
A) actual skills, not just a script-kiddy with corporate backing.
B) when they were done, they would leave a place relatively more secure. For example, I can go to a place and say, "look, your windows are insecure, and if you put bars on the windows, it will be more secure." That will be 100% accurate, but not particularly useful, and in practice doesn't address most threats companies face.
C) the primary focus generally should be on securing against remote attacks, because that's where your highest exposure is. Anyone can plop down a wifi pineapple, but most people who do so are security consultants. In practice, black-hats favor remote exploits.