Shuyuan H. Metcalfe, Ph.D. 
Associate Professor | Florida State University
Trusted CI Fellow, The NSF Cybersecurity Center of Excellence
AIS Distinguished Member, CISSP, CSX, CRISC, CISM,
MPhil, MBA, BSc
Shuyuan’s research advances a forward-looking cybersecurity agenda that centers on trusted human-computer interaction as the next frontier of cyber defense. Her work addresses the most consequential human-centered threats in the digital ecosystem—cyber insider threats, computer-mediated deception and deepfakes—by rethinking how trust, intent, and manipulation are detected and defended against in increasingly intelligent and autonomous systems.
At the core of her research program is the theory of trustworthiness attribution, which integrates foundational insights from social psychology, attribution theory, and information systems to model insider threat detection supported by cyberinfrastructure. Building on this foundation, Shuyuan develops the dyadic attribution model, a novel approach for assessing human trustworthiness in sophisticated online interactions where intent is often concealed, mediated, or algorithmically amplified. This framework moves cybersecurity beyond static risk models toward dynamic, relational, and behavior-aware defense systems.
Methodologically, Shuyuan pioneers the use of interactive online games and simulated environments as experimental protocols for studying deception, betrayal, and trust breakdowns in virtual organizations. These environments enable controlled yet realistic observation of adversarial behavior, creating empirical foundations for next-generation cyber defense research. Her sociotechnical approach deliberately bridges theory and practice, combining social-psychological models with pragmatic theories of language-action to establish innovative methods for computational behavioral inference.
A defining contribution of this work is the concept of collective sensing, which positions generative AI and large language networks as mechanisms for integrating language-action cues to infer human disposition, intent, and risk within complex trust relationships. This line of research sets the stage for future cybersecurity systems that do not merely react to attacks, but anticipate, interpret, and adapt to human behavior in real time.
From theory, Shuyuan’s research extends into real-world experiments and applied domains, analyzing digital evidence and big data drawn from social media, network traffic, IoT devices, and multimedia sources to address organizational and societal cybersecurity challenges. To strengthen organizational cyber awareness, she applies activity theory to conceptualize cyber defense as a collective activity system—offering a transformative lens through which organizations can develop shared consciousness of cyber defense, coordinated response, and resilient security cultures.
Her work also engages urgent societal concerns. To counter cyberbullying and the erosion of free expression in digital spaces, Shuyuan develops big-data profiling analytics based on charged language, proposing identification algorithms that enable early intervention and prevention of escalated or criminal online behavior. As cybercrime-as-a-service (CaaS) continues to normalize and scale cyber threats globally, her research underscores the growing importance of advanced cyber forensics for law enforcement, particularly in analyzing distributed, heterogeneous digital evidence across Internet of Things (IoT) ecosystems and network infrastructures.
Beyond institutional and societal defense, Shuyuan’s research agenda also extends to personal cyber resilience. During the pandemic, she developed the social distance nudge, a context-aware mHealth intervention designed to influence and safeguard individual behavior—demonstrating how cybersecurity principles can be translated into human-centered interventions that support everyday decision-making in times of crisis.
Collectively, Shuyuan’s work articulates a vision for the next generation of cybersecurity research—one that integrates human behavior, intelligent systems, and sociotechnical design to redefine how trust, deception, and defense are understood in a digitally mediated world. Her scholarship lays the groundwork for future cybersecurity systems that are not only technically robust, but socially aware, ethically grounded, and adaptive to the evolving human dimensions of cyber risk. Additional details about Shuyuan’s work can be found on her ORCID, Google Scholar and CV.
Shuyuan founded the iSensor Analytics Lab in 2010. iSensor Analytics Lab is primarily focused on conducting sociotechnical research related to human factors (e.g., behavioral threat) in cyberspace. Experiments are conducted in a live, and virtual laboratory. Research data is collected through confined resources and interactions that are based on real-world cyber trust and deception simulations. Shuyuan currently holds a US patent US-17/162,468 on systems and methods for detecting deception in computer-mediated communication, and also has two copyrighted inventions; Veracity AI truth disclosure against adversarial image manipulation; Pandemic Self Defense (TechID 21-003) mHealth intervention that helps mobile phone users with situational awareness during a pandemic.
Keywords for Shuyuan’s research: Trusted human-computer interactions; cyber insider threats; computer-mediated deception; deepfakes; sociotechnical systems; online games for research; language-action cues; information use and seeking behavior; deceptive information behavior; trustworthiness attribution; dyadic attribution model; artificial intelligence; machine/deep learning; computational modeling for complex trust and online deception.
***
Shuyuan teaches Information Systems Security, Information Systems Research, Information systems Management, Cyber Defense Operations, Incident Response, Disaster Recovery, Computer Auditing, Intrusion Detection, Digital and Cyber Forensics, Access Control Models for Intrusion Prevention, and Risk Assessment and Management.
***
Shuyuan’s professional industry experience in information systems security (ISS) encompasses ten years of securing E-commerce systems with public key infrastructure, virtual private networks, systems engineering of role-based access control, policy-based integrated firewall, intrusion detection systems and network security. Shuyuan designed an enterprise information security architecture (EISA) called SIMPL/E (secure information management platform and environment) for a government client. She worked with a team to build a Security Operations Center (SOC) for the military. She completed a large-scale virtual private network technology transfer project for a military research center. Click here for Shuyuan’s curriculum vitae.