Formative User-Centered Evaluation of Security Modeling: Results from a Case Study